A former employee at Meta Platforms Inc.'s WhatsApp filed a federal lawsuit Monday alleging he repeatedly raised cybersecurity concerns about the messaging app with his superiors but was ignored and retaliated against.
Attaullah Baig, who identifies himself as the former head of security at WhatsApp, said he discovered “systemic cybersecurity failures that posed serious risks to user data” in 2021. For instance, Baig said he discovered that about 1,500 WhatsApp engineers had unrestricted access to user data and could move or steal it without detection or an audit trail, according to the lawsuit.
Carl Woog, a WhatsApp spokesperson, said, “Sadly, this is a familiar playbook in which a former employee is dismissed for poor performance and then goes public with distorted claims that misrepresent the ongoing hard work of our team. Security is an adversarial space, and we pride ourselves in building on our strong record of protecting people's privacy.”
Following the alleged discovery, Baig raised concerns with his boss on about five occasions “that WhatsApp lacked fundamental cybersecurity knowledge required for regulatory compliance” but his boss ignored them, the suit states. He brought the flaws up with other superiors, including Meta Chief Executive Officer Mark Zuckerberg. But instead of fixing the problems, Baig alleges the company retaliated against him with poor performance reviews and, eventually, his ouster due to poor performance.
In the lawsuit, Baig also said that WhatsApp lacked an around-the-clock security operations center and that approximately 100,000 users every day suffered account takeovers. He further claimed WhatsApp employed far fewer security engineers than comparably sized companies. He said the cybersecurity problems could violate a 2020 settlement with the Federal Trade Commission and securities laws.
Baig filed a complaint with the Department of Labor's Occupational Safety and Health Administration. According to WhatsApp spokesperson Zade Alsawah, that group found that Meta hadn't retaliated against him for raising security concerns. A representative for OSHA didn't immediately respond to a call and email inquiring about Baig's complaint.
Baig said he was hired as a software engineering manager at Meta in 2021 and after an onboarding period became head of security at WhatsApp. WhatsApp's Alsawah said there were multiple directors above Baig reporting to the vice president of engineering and that his title was software engineering manager.
Baig and one of his attorneys didn't immediately respond to calls seeking comment.
Watch LIVE TV, Get Stock Market Updates, Top Business, IPO and Latest News on NDTV Profit.
