Attaullah Baig, a WhatsApp security director, has initiated a lawsuit against Meta, claiming that there are substantial security issues in the communications platform. The suit asserts that Meta did not secure user information, breached privacy laws, and retaliated against Baig when he reported about these allegations. The case brings significant issues and concerns regarding user privacy and the security of data.

Highlights:

• Former WhatsApp security chief sues Meta over data access flaws.
• Lawsuit alleges 1,500 engineers had unrestricted access to user data.
• Meta accused of violating 2020 FTC privacy settlement and federal laws.
• Baig claims retaliation after reporting security flaws to CEO Mark Zuckerberg.
• Meta denies allegations, citing performance as reason for dismissal.

According to Baig, approximately 1,500 engineers at Meta had unlimited access to user data such as profile pictures, locations, and contact lists. There were no efficient surveillance mechanisms in place to make recognition of unauthorized access. Such negligence subjected users to privacy hazards and breached the privacy obligations of Meta as prescribed in the 2020 FTC privacy settlement.

Upon disclosing the security vulnerability, Baig began to experience negative performance ratings and was terminated in February 2025. He accuses this as sheer revenge as a response to raising the issues. The case demands responsibility concerning the security gaps and the revenge.

Meta rejects the accusations, stating that Baig had been fired because of poor performance. The company mentions that its security practices are functioning and focus on continued increases in security measures to keep user privacy secure. Meta refers to the lawsuit as a misrepresentation of its security practices.