Particle.news

Download on the App Store

WhatsApp Whistleblower Sues Meta, Alleging Systemic Security Failures and Retaliation

The 115-page filing says weak access controls at WhatsApp fell short of legal obligations under Meta’s 2020 FTC privacy order.

Overview

  • Attaullah Baig filed the federal suit in San Francisco on September 8, naming Meta, Mark Zuckerberg, and other executives, and seeking reinstatement, back pay, and damages.
  • The complaint alleges roughly 1,500 engineers could access sensitive user data and move it without detection or an audit trail, citing red-team tests conducted after Baig joined in 2021.
  • Baig says WhatsApp lacked a complete data inventory, adequate access monitoring, a 24-hour security operations center, and breach detection capabilities expected for a platform of its scale.
  • He contends WhatsApp faced about 100,000 account takeovers daily and that proposed safeguards were blocked to protect growth metrics, with escalations sent to leaders including Will Cathcart and Zuckerberg.
  • Meta disputes the allegations, says Baig was dismissed for poor performance, and asserts his claims distort the security team’s work, while noting he had previously taken concerns to the SEC and OSHA.