Background on Attaullah Baig and His Allegations
Attaullah Baig, former Chief Security Officer of WhatsApp from 2021 to February 2025, has filed a federal lawsuit against the company, alleging systematic violations of cybersecurity regulations and retaliation for reporting these issues.
Baig’s Discovery of Security Vulnerabilities
Through internal security tests, Baig discovered that approximately 1,500 WhatsApp engineers had unrestricted access to user data without proper oversight. This practice could potentially breach a 2020 U.S. government order, which fined Cambridge Analytica $5 billion for mishandling user data.
Content of the Lawsuit
The lawsuit, filed in a San Francisco federal court, claims that Meta Platforms Inc. (the parent company of WhatsApp) failed to implement basic cybersecurity measures on its instant messaging platform.
Baig’s allegations state that engineers could move or steal user data without detection, and he repeatedly communicated his concerns to high-ranking WhatsApp executives, including Director Will Cathcart and Meta President Mark Zuckerberg.
Baig also claims he faced increasing retaliation for his initial reports in 2021, including negative performance evaluations, verbal warnings, and eventual termination in February 2025 for “poor performance.”
Meta’s Response and Background on Cambridge Analytica Scandal
Meta denied the allegations, stating that Baig was dismissed for poor performance, a claim independently verified by senior engineers. The company also argued that Baig’s description of his role exaggerated his responsibilities within WhatsApp, where he was a low-level engineer.
In 2020, Meta reached an agreement with the U.S. government following the Cambridge Analytica scandal, which involved the unauthorized collection of data from 50 million Facebook users.
Key Questions and Answers
- Who is Attaullah Baig? Baig was the Chief Security Officer of WhatsApp from 2021 to February 2025.
- What are Baig’s allegations against WhatsApp? Baig claims that approximately 1,500 WhatsApp engineers had unrestricted access to user data without proper oversight, potentially violating cybersecurity regulations.
- What is the Cambridge Analytica scandal? The Cambridge Analytica scandal involved the unauthorized collection and misuse of personal data from 50 million Facebook users.
- How did Meta respond to Baig’s allegations? Meta denied the accusations, stating that Baig was dismissed for poor performance and that his role within the company was exaggerated.
