A new Meta lawsuit has raised serious alarms about user safety, with a former WhatsApp security chief accusing the company of ignoring cybersecurity flaws that exposed billions of accounts. Attaullah Baig, who led WhatsApp’s security division until earlier this year, alleges that Meta neglected basic safeguards, gave engineers unaudited access to sensitive data, and retaliated against him for speaking out.
Security Chief Raises the Alarm
Baig, who served as WhatsApp’s head of security from 2021 to 2025, filed the case in a federal court in San Francisco. In his complaint, he claims that nearly 1,500 engineers enjoyed unrestricted access to user data without oversight. He warned that this setup not only endangered users but also risked violating a $5 billion penalty order the U.S. government had imposed on Meta in 2020 over data privacy breaches.
Data Access Without Oversight
According to the 115-page filing, internal security tests revealed alarming gaps. Baig found that WhatsApp engineers could access or even steal user information—including contact lists, IP addresses, and profile photos—without leaving an audit trail. He insists that such unchecked access left billions vulnerable to misuse, raising questions about Meta’s compliance with privacy regulations.
Hacking and Account Takeovers
Baig also accused Meta of ignoring rampant account hijackings. He reported that over 100,000 WhatsApp accounts were being hacked or taken over daily. Despite presenting solutions, he says Meta refused to act, prioritizing growth over security. His proposed measures were dismissed, leaving victims without adequate protection.
Warnings to Executives
The lawsuit highlights that Baig raised his concerns repeatedly with senior executives. He claims to have directly warned WhatsApp chief Will Cathcart and Meta CEO Mark Zuckerberg about the dangers of unrestricted data access and unchecked account takeovers. Yet, his reports were met with silence or disregard, further fueling his belief that Meta put user expansion ahead of safety.
Read: Google Reveals Clear Gemini Usage Limits
Meta Pushes Back
Meta denies Baig’s allegations. In a statement, WhatsApp’s vice president of communications, Carl Woog, said the claims follow a “familiar playbook” of disgruntled employees. He argued that Baig was dismissed for poor performance, not retaliation, and accused him of distorting facts to discredit the company’s ongoing work in data protection.
Allegations of Retaliation
Despite Meta’s pushback, Baig maintains that the company targeted him after he spoke up. According to him, retaliation began as early as 2021, when he first flagged the risks. He received poor performance reviews, verbal warnings, and ultimately, termination in February 2025. Baig argues that these measures were meant to silence his warnings rather than reflect the quality of his work.
Meta’s Defense
Meta counters that multiple senior engineers evaluated Baig’s performance and found it below expectations. The company also pointed out that the Department of Labor’s Occupational Safety and Health Administration reviewed Baig’s earlier retaliation complaint and dismissed it, concluding that Meta had not acted unfairly against him.
Regulatory Complaints
Unmoved by Meta’s stance, Baig took his case beyond the company. Before filing this lawsuit, he submitted complaints to federal regulators, including the Securities and Exchange Commission. His legal team argues that Meta systematically ignored security obligations, potentially exposing the company to further regulatory scrutiny.
Long Cybersecurity Career
Baig brings industry credibility to his claims. Before joining Meta, he held key cybersecurity roles at financial giants like PayPal and Capital One. His lawsuit stresses that his background gave him the expertise to recognize serious risks within WhatsApp’s security framework, risks that he says Meta chose to ignore.
Billions of Users at Stake
WhatsApp, acquired by Meta for $19 billion in 2014, now serves over three billion users worldwide. The lawsuit suggests that these users could have unknowingly faced threats to their personal information due to Meta’s alleged negligence. If proven, Baig’s claims could damage trust in WhatsApp, a platform often relied upon for private and sensitive communication.
Larger Implications for Meta
The case could add to Meta’s long list of legal troubles. The company has faced repeated scrutiny over data handling practices, from the Cambridge Analytica scandal to ongoing privacy debates. This lawsuit intensifies those concerns by suggesting that Meta knowingly allowed security lapses even after being penalized by regulators.
Trust on the Line
For billions of WhatsApp users, the lawsuit revives pressing questions about digital privacy and corporate responsibility. It also highlights the tension between rapid user growth and the need for secure systems. Investors, regulators, and users alike will be watching closely as the Meta lawsuit proceeds through the courts.
Follow us on Instagram, YouTube, Facebook,, X and TikTok for latest updates
