Husain Parvez
Published on: September 15, 2025
A former WhatsApp cybersecurity executive has filed a whistleblower lawsuit against Meta, claiming the company ignored critical security flaws that exposed billions of users and retaliated against him for raising concerns.
Attaullah Baig, who led WhatsApp’s security team from 2021 until his dismissal in early 2025, alleges in a 115-page complaint that approximately 1,500 engineers had “unrestricted access to user data, including personal information covered by the FTC Privacy Order, and could move or steal such data without detection or audit trail.” The suit, filed in federal court in San Francisco, argues this broad access violated the terms of a $5 billion settlement Meta reached with the U.S. Federal Trade Commission in 2019.
Baig also claimed that WhatsApp failed to address widespread account takeovers, noting that around 100,000 accounts were being compromised daily and that number rose to as many as 400,000 by 2024. According to the complaint, Baig repeatedly raised the issue with senior leadership, including WhatsApp head Will Cathcart and Meta CEO Mark Zuckerberg, warning that the company was failing to implement basic safeguards such as adequate data handling and breach detection systems.
In one filing excerpt, Baig described Meta’s internal culture as resistant to scrutiny, stating, “Mr. Baig understood that Meta’s culture is like that of a cult where one cannot question any of the past work especially when it was approved by someone at a higher level.”
Meta strongly disputes the allegations. WhatsApp spokesperson Carl Woog said in a statement, “Sadly this is a familiar playbook in which a former employee is dismissed for poor performance and then goes public with distorted claims that misrepresent the ongoing hard work of our team.” The company added that Baig was terminated due to performance issues and that his claims were either too broad or duplicative of ongoing work.
