Is WhatsApp unsafe? Ex-security chief sues Meta with large accusations
Attaullah Baig labored as Head of Safety for WhatsApp and Meta for simply over 4 years earlier than he was dismissed in April 2025. Now he’s bringing a lawsuit in opposition to his former employer, alleging that WhatsApp accommodates safety flaws that violate GDPR legal guidelines and Meta’s settlement with the FTC.
The lawsuit, which was filed in a US court docket in California (PDF), states that Baig repeatedly identified safety issues at WhatsApp. Nonetheless, these have been ignored or he was urged to not complain any additional. In line with him, Meta even tried to “silence” him.
He additionally alleges that 1,500 individuals had unrestricted entry to delicate WhatsApp knowledge, together with contact particulars and profile photos of customers, IP addresses, and extra. In line with Baig, this knowledge may’ve been forwarded or processed with out anybody realizing. For reference, round 3,000 individuals labored at WhatsApp in 2021, which implies about half of them would’ve had entry to consumer knowledge.
Along with Baig, solely a complete of six individuals have been chargeable for safety and knowledge safety at WhatsApp.
Meta beforehand bought into scorching water with the FTC in 2018 because of the Fb Cambridge Analytica knowledge scandal. On the time, the corporate vowed to do higher and pledged to take knowledge safety extra significantly sooner or later. WhatsApp has belonged to Meta since 2014, which means it was already owned by the corporate for 4 years by that time.
GDPR violations additionally within the air
Baig additionally argues that WhatsApp is in breach of GDPR legal guidelines as a result of it possesses lists of all consumer knowledge collected. As WhatsApp has over 3 billion customers worldwide, it must retailer huge quantities of knowledge if this declare is true, requiring giant and costly server capacities.
Baig additionally admits that WhatsApp doesn’t have sufficient capability to ensure the safety of the service with its huge consumer base, for instance within the occasion of cyber assaults or different safety breaches.
Meta had additionally failed to offer adequate assets to fight the takeover of accounts by fraudsters. The corporate simply introduced in August that it was deleting quite a few accounts from fraud facilities and stepping up its efforts to fight crime on the platform.
Meta has denied the allegations, stating that Baig wasn’t dismissed attributable to his safety considerations however quite attributable to poor efficiency. Meta says the ex-employee needs to “misrepresent the workforce’s ongoing onerous work” along with his lawsuit and his “distorted claims” in opposition to WhatsApp. The safety and privateness of customers is necessary at WhatsApp, regardless of all of the allegations.
It stays to be seen what proof Baig will current to the court docket ought to an official listening to happen. For the time being, the lawsuit has solely been filed and there’s no court docket date set but. And, after all, the entire matter might also find yourself being settled outdoors of court docket.
Additional studying: This WhatsApp flaw leaves your PC open to malware
This text initially appeared on our sister publication PC-WELT and was translated and localized from German.
