The recent federal lawsuit by Attaullah Baig, WhatsApp’s former head of security, opens a crack in Meta’s official narrative about its users’ privacy and data protection. What seemed to be a service shielded by end-to-end encryption is crossed by accusations that point to massive access, lack of internal controls and reprisals against those who dared to denounce irregularities. Trust in the most popular messaging app is faltering.
A legacy marked by mistrust
By: Gabriel E. Levy B.
WhatsApp was born in 2009 with the promise of being an agile and private communication tool. In 2014, when Facebook (now Meta) acquired it for 19,000 million dollars, alarms about data protection went off immediately.
It was not just any purchase, it was the acquisition of an intimate conversation space for more than 400 million users. Since then, the tension between commercial expansion and the preservation of privacy has grown unabated.
In 2020, the U.S. Federal Trade Commission imposed a record fine of $5 billion on Meta for violations of user privacy.
The agreement included a compliance order that required the supervision of internal accesses to be reinforced.
However, according to the lawsuit filed by Attaullah Baig, these conditions were not met.
His account states that more than 1,500 engineers maintained unrestricted access to the sensitive data of WhatsApp users.
What is now being denounced in court seems to be part of this logic: privacy as a commercial narrative rather than as a structural reality.
Security as Corporate Rhetoric
WhatsApp presents itself as an armored service thanks to its end-to-end encryption.
The company insists that no one, not even its employees, can read users’ messages.
However, Baig’s complaint opens up a crucial distinction: messages may remain encrypted, but metadata, IP addresses, profile photos, and contact lists form a universe of information that is just as sensitive and less protected.
Academic Bruce Schneier, a specialist in cryptography and digital security, has warned for years that the narrative of total encryption works like a mirage.
While it ensures the confidentiality of content, it does not address the fragility of storage systems, internal access, or the potential for account manipulation.
According to Baig, that weakness resulted in the daily hijacking of between 100,000 and 400,000 accounts between 2022 and 2023, a phenomenon that impacted millions of users and was downplayed in internal security reports.
The contrast is disturbing. While WhatsApp became a communication tool for governments, companies and journalists, its own databases were exposed to misuse by employees with excessive permissions.
The lawsuit alleges that Meta fabricated reports to hide those risks and disabled possible solutions, prioritizing user growth over effective protection.
This situation is not isolated. Academic research such as that of José van Dijck in The Culture of Connectivity shows how digital platforms shape their internal practices according to the imperatives of expansion and monetization.
Security, in this scheme, becomes a discourse to calm users and regulators, but not necessarily a priority practice.
The conflict between growth and control
The core of Baig’s accusation touches on an open wound in the tech ecosystem: the tension between real security and the need for exponential growth.
WhatsApp surpassed 2 billion users in 2020, and that volume made the app a strategic asset for Meta.
Baig’s account indicates that efforts to curb account hijacking and improper access clashed with corporate decisions that favored maintaining the pace of adoption in emerging markets.
The figures presented are alarming.
One hundred thousand accounts blocked daily in 2022 and four hundred thousand in 2023 do not represent isolated incidents, but a systemic failure.
Each hijacked account means the loss of access of a user, often accompanied by extortion attempts or fraudulent use of contacts.
In countries where WhatsApp is the main way to communicate, such as Brazil, India or Mexico, these vulnerabilities affect daily life, from small businesses to political processes.
Baig’s firing, described by Meta as a result of “poor performance,” appears in the lawsuit as direct retaliation.
In this sense, the legal dispute not only pits a former employee against a corporation, but also reveals the cost of questioning the internal security model of a platform with so much global power.
The U.S. Department of Labor dismissed the initial retaliation complaint, but the federal lawsuit broadens the scope and places Meta under judicial scrutiny in an area where it already had a serious record.
The credibility of the company is once again at stake, and with it the trust of millions of users who deposit their data on WhatsApp daily.
Echoes of previous cases
Baig’s complaint adds to a long list of scandals that marked Meta’s recent history. The most remembered is Cambridge Analytica in 2018, when it was revealed that data from millions of Facebook users was used to manipulate electoral processes.
On that occasion, the company’s response consisted of public apologies and promises of greater transparency, although structural changes were limited.
Another resonant episode occurred in 2021, when a misconfiguration exposed personal data of more than 500 million Facebook users on internet forums.
The company downplayed the impact by arguing that it was public information, but investigators pointed out the lack of diligence in protecting the platform.
In the field of messaging, Telegram and Signal took advantage of these crises to position themselves as safer alternatives.
However, none reached the scale of WhatsApp, which highlights the paradox: while doubts about Meta’s security grow, users continue to use its services en masse due to a lack of equivalent options in scope and practicality.
In countries such as India, multiple cases of hijacking of WhatsApp accounts used for digital scams were documented, especially against older adults.
In Brazil, the Superior Electoral Court denounced attempts at manipulation through WhatsApp chains during the 2018 and 2022 elections.
These cases show that the insecurity denounced by Baig is not only a corporate issue, but a social and political problem of the first magnitude.
In conclusion, Attaullah Baig’s lawsuit against Meta is not just an employment dispute or a personal dispute.
It is a mirror that reflects the deepest tensions of digital capitalism: the promise of security in the face of the imperative of growth.
The revelation of mass access and the blocking of security solutions suggest that user privacy is subordinated to the logic of expansion. Trust in WhatsApp, until now considered indisputable, is going through one of its most fragile moments.
References
Schneier, Bruce. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. W. W. Norton & Company, 2015.
van Dijck, José. The Culture of Connectivity: A Critical History of Social Media. Oxford University Press, 2013.
