Is WhatsApp unsafe? Ex-security chief sues Meta with big accusations
Attaullah Baig worked as Head of Security for WhatsApp and Meta for just over four years before he was dismissed in April 2025. Now he’s bringing a lawsuit against his former employer, alleging that WhatsApp contains security flaws that violate GDPR laws and Meta’s agreement with the FTC.
The lawsuit, which was filed in a US court in California (PDF), states that Baig repeatedly pointed out security problems at WhatsApp. However, these were ignored or he was urged not to complain any further. According to him, Meta even tried to “silence” him.
Allegations leveled against Meta
He also alleges that 1,500 people had unrestricted access to sensitive WhatsApp data, including contact details and profile pictures of users, IP addresses, and more. According to Baig, this data could’ve been forwarded or processed without anyone realizing. For reference, around 3,000 people worked at WhatsApp in 2021, which means about half of them would’ve had access to user data.
Together with Baig, only a total of six people were responsible for security and data protection at WhatsApp.
Meta previously got into hot water with the FTC in 2018 due to the Facebook Cambridge Analytica data scandal. At the time, the company vowed to do better and pledged to take data protection more seriously in the future. WhatsApp has belonged to Meta since 2014, meaning it was already owned by the company for four years by that point.
GDPR violations also in the air
Baig also argues that WhatsApp is in breach of GDPR laws because it possesses lists of all user data collected. As WhatsApp has over 3 billion users worldwide, it would have to store vast amounts of data if this claim is true, requiring large and expensive server capacities.
Baig also admits that WhatsApp doesn’t have adequate capacity to guarantee the security of the service with its massive user base, for example in the event of cyber attacks or other security breaches.
Meta had also failed to provide sufficient resources to combat the takeover of accounts by fraudsters. The company just announced in August that it was deleting numerous accounts from fraud centers and stepping up its efforts to combat crime on the platform.
Meta denies the allegations
Meta has denied the allegations, stating that Baig wasn’t dismissed due to his security concerns but rather due to poor performance. Meta says the ex-employee wants to “misrepresent the team’s ongoing hard work” with his lawsuit and his “distorted claims” against WhatsApp. The security and privacy of users is important at WhatsApp, despite all the allegations.
It remains to be seen what evidence Baig will present to the court should an official hearing take place. At the moment, the lawsuit has only been filed and there is no court date set yet. And, of course, the whole matter may also end up being settled outside of court.
Further reading: This WhatsApp flaw leaves your PC open to malware 
© 2025 PC World 3:25am  
|
|
|
|
|
