Whistleblower Claims Major Cybersecurity Lapses at Meta

In a striking legal move, a former top cybersecurity executive at WhatsApp, Attaullah Baig, has filed a lawsuit alleging that parent company Meta exposed billions of users to security risks by ignoring critical flaws within the app's defenses. Baig, who held the position from 2021 to 2025, claims that Meta not only failed to follow cybersecurity regulations but also retaliated against him for raising alarms about these vulnerabilities.

Unrestricted Access to Sensitive User Data?

According to Baig, approximately 1,500 engineers had unfettered access to sensitive user data, including contact information and IP addresses, without necessary oversight. This alarming claim comes in light of a previous $5 billion penalty imposed on Meta by U.S. authorities in 2020, reinforcing the seriousness of the allegations.

100,000 Accounts Hacked Daily – Company Turns a Blind Eye?

The lawsuit reveals that Meta ignored Baig’s warnings about over 100,000 accounts being hacked every single day. Instead of addressing these issues, Baig alleges that the company prioritized user growth over fundamental security measures, leaving users vulnerable.

Internal Tests Uncover Disturbing Capabilities

Baig's 115-page complaint details shocking findings from internal security tests. He claims WhatsApp engineers could easily manipulate or steal user data without detection, raising grave concerns about user privacy and security.

Allegations of Retaliation and Poor Performance Claims

Despite bringing significant concerns to the attention of senior leaders, including Meta CEO Mark Zuckerberg and WhatsApp head Will Cathcart, Baig alleges he faced escalating retaliation. This culminated in his termination, which Meta asserts was due to poor performance, a claim that has been independently validated by several senior engineers.

Continuing Scrutiny on Meta's Data Protection Practices

Baig's case adds to the mounting scrutiny over Meta’s data protection practices across its extensive platforms, which include Facebook and Instagram. In light of the Cambridge Analytica scandal, the company agreed to a government settlement that remains in effect until 2040, aimed at rectifying its data handling practices.

What’s Next for Baig and Meta?

In his whistleblower complaint, Baig is seeking reinstatement, back pay, and compensatory damages, alongside potential regulatory action against Meta. This high-stakes legal battle could have far-reaching implications for the tech giant as it grapples with ongoing issues of user privacy and cybersecurity.