Red Hot Cyber


Former WhatsApp employee: “1,500 engineers have access to confidential user data.”

Redazione RHC : 11 September 2025 09:49

Attaullah Baig, who reportedly led WhatsApp’s security team from 2021 to 2025, has filed a lawsuit against parent company Meta. Baig claims he was fired for repeatedly attempting to fix the messaging app’s serious cybersecurity issues.

Baig has filed a lawsuit under the Sarbanes-Oxley Act for allegedly concealing security issues that could have led to potential shareholder fraud, as well as potential violations of the U.S. Securities and Exchange Commission (SEC) rules regarding internal information controls.

In the lawsuit, the former WhatsApp employee (who previously held cybersecurity positions at PayPal and Capital One) alleges that WhatsApp management wrongfully fired him, misrepresented his performance evaluation, and used it as a pretext to terminate his contract.

The documents state that shortly after joining WhatsApp in 2021, Baig “discovered systemic cybersecurity issues that created serious risks to user data and violated Meta’s legal obligations under the Privacy Resolution of 2020 and federal securities laws.”

Baig alleges that approximately 1,500 WhatsApp engineers had unrestricted access to users’ sensitive personal data and were able to copy and steal it without detection or scrutiny.

On September 8, 2022, Baig allegedly raised the following violations during a work meeting:

  • Inability to inventory user data;
  • Inability to locate and list data repositories;
  • Unrestricted access to user data, available to 1,500 software engineers;
  • Lack of control over access to user data;
  • Failure to detect data leaks;
  • Failure to protect user accounts from theft (an estimated 100,000 such incidents occur daily).

In October 2022, Baig reportedly informed ten senior WhatsApp executives, including CEO Will Cathcart and chief engineer Nitin Gupta, about the issues, warning that the company could face legal consequences.

Baig says he tried to raise his concerns in 2023, but encountered resistance from executives. Then, in early 2024, he reportedly sent a letter to Meta CEO Mark Zuckerberg and general counsel Jennifer Newstead, informing them of the potential breaches, the resistance they were facing, and “evidence that the security team was falsifying reports to hide their decisions and avoid addressing the risks of data theft.”

In February 2025, Baig was fired from the company, allegedly several months after he personally reported alleged cybersecurity breaches at Meta to the U.S. Securities and Exchange Commission.

Now Baig is demanding a jury trial and wants Meta to reinstate him, as well as reimburse him for back wages, legal fees, emotional damages, and distress. However, Meta told the media that Baig was not WhatsApp’s “chief security officer” at all, but rather its head of software development, with several senior executives above him. According to the company, several senior engineers independently determined that his performance did not meet the company’s expectations, which led to his dismissal.

“Unfortunately, it’s a familiar scenario where an employee is fired for poor performance and then makes distorted statements that belittle the essence of our team’s hard work,” said Andy Stone, Meta’s director of communications.

Furthermore, according to documents the company provided to SecurityWeek, the U.S. Department of Labor had previously dismissed Baig’s complaint. OSHA concluded that Meta did not retaliate against an employee who attempted to raise safety concerns. Documents also show that the Department of Labor determined that Baig’s actions were not justified under the Sarbanes-Oxley Act.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
