Ex-Meta worker exposes WhatsApp flaws

WhatsApp’s privacy bombshell lawsuit

A former top WhatsApp security executive just filed a lawsuit against Meta, claiming the app has serious cybersecurity flaws that put billions of users at risk. He says engineers had wide-open access to private data, and Meta ignored his warnings. 

With WhatsApp being one of the world’s biggest messaging apps, the claims are sparking major privacy concerns worldwide.

Engineers had full access

The lawsuit alleges that about 1,500 WhatsApp engineers could access sensitive personal data without proper oversight. This reportedly included contact info, IP addresses, and even profile photos. 

The former executive says data could be moved or stolen without leaving any trace. If true, that means user privacy was far weaker than most people believed.

Meta accused of retaliation

The former security chief, Attaullah Baig, claims he faced retaliation after raising these concerns. According to the suit, within days of his first cybersecurity disclosures, he started receiving negative performance reviews and criticism from his bosses. 

He says the retaliation continued for years, eventually ending with his termination in 2025.

Mark Zuckerberg was warned

Baig says he repeatedly escalated the issues, even sending two letters directly to Meta CEO Mark Zuckerberg. 

One letter reportedly informed him that Baig had filed a complaint with the Securities and Exchange Commission. Despite these alerts, Baig claims the company still failed to fix the alleged security flaws.

Lawsuit outlines compliance risks

According to the lawsuit, the security lapses violated Meta’s obligations under a $5 billion privacy settlement with the Federal Trade Commission in 2020. 

That deal came after the Cambridge Analytica scandal, and it requires Meta to maintain strong privacy protections until 2040. Baig claims WhatsApp fell far short of those promises.

Flaws beyond data access

The allegations go beyond engineer access. Baig says WhatsApp failed to maintain a proper 24/7 security operations center.

They had no full inventory of systems storing user data, and lacked monitoring tools to track who was viewing information. He argues that all of this created massive risks for compliance and user trust.

Meta pushes back hard

Meta strongly denies the claims. In statements, company spokespeople said Baig was dismissed for poor performance.

The company claimed that Baig’s accusations misrepresent the hard work of WhatsApp’s security teams. The company insists it has a strong track record of protecting user privacy and suggested Baig’s lawsuit is a “familiar playbook” of a disgruntled ex-employee.

Billions of users at stake

WhatsApp has over three billion active users worldwide, making it one of the most widely used apps on the planet. That means any flaw in its systems could potentially affect a massive portion of the global population.

The idea that internal staff could move user data without detection raises unsettling questions about digital privacy.

Hacked accounts ignored

The lawsuit also claims WhatsApp wasn’t addressing a major security issue. More than 100,000 accounts are hacked or taken over every single day. 

Baig says he flagged this problem repeatedly and even suggested fixes. But management allegedly prioritized user growth over dealing with the issue.

Regulatory filings and complaints

Baig didn’t just stop at internal complaints. He filed with the SEC, warning that Meta hadn’t disclosed serious cybersecurity risks to investors. 

He also filed with the Occupational Safety and Health Administration in early 2025, accusing the company of systemic retaliation. That complaint was later dismissed, but Baig pushed ahead with his case.

From banking to tech giant

Before joining Meta in 2021, Baig worked in cybersecurity roles at PayPal, Capital One, and other major financial firms. That background gave him a track record in spotting potential security risks.

With that experience, concerns about WhatsApp’s vulnerabilities could reasonably be seen as serious, potentially affecting both users and investors.

Fired during layoffs round

In February 2025, Meta laid off around 5% of its workforce, and Baig was included in that round. The company cited poor performance as the reason for his termination.

But the lawsuit claims the timing was no coincidence and argues that it was the “culmination of two years of retaliation.”

Whistleblower support network

Baig is being represented by a law firm and Psst.org, an organization that helps whistleblowers. His legal team argues that his case shows how large companies can suppress internal critics.

These critics often try to raise alarms about user safety and regulatory compliance.

Meta’s history of scrutiny

This lawsuit adds to the long list of controversies Meta has faced about data privacy. From Cambridge Analytica to repeated regulatory fines, the company’s platforms are under constant watch. 

The fresh claims around WhatsApp highlight that even after billion-dollar settlements, concerns about privacy haven’t gone away.

Meta’s defense strategy

So far, Meta’s strategy has been to dismiss Baig’s allegations as baseless, highlighting that outside regulators have already thrown out at least one of his complaints.

The company also points to the strong work of its teams, signaling it will fight the case aggressively in court.

Is Eminem’s $109 million lawsuit about to shake Meta or just make headlines? See why Meta faces a $109 million lawsuit from Eminem and what’s really at stake.

What this means for you

For everyday users, the case is a reminder of how much trust we put in messaging apps. Whether Baig’s claims hold up in court or not, they raise questions about how secure our personal data really is. 

Staying aware, updating privacy settings, and keeping pressure on big tech companies may be the only way to protect our digital lives.

Was Meta’s major outage just a glitch or a sign of deeper tech trouble? See how Meta’s platforms face a major outage and what it means for users.

Do you think these issues put users at risk, or will they be fixed quickly? Share your thoughts in the comments, and hit like if privacy matters to you.

Read More From This Brand:

• Meta CEO offers top AI talent blockbuster pay packages
• Meta reportedly gains two more elite AI researchers from OpenAI
• Meta Quest and Vision Pro compared for immersion and usability

Don’t forget to follow us for more exclusive content right here on MSN.

If you like this story, you’ll LOVE our Free email newsletter. Join today and be the first to receive stories like these.

This slideshow was made with AI assistance and human editing.