{"id":49355,"date":"2025-09-24T14:53:23","date_gmt":"2025-09-24T18:53:23","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=49355"},"modified":"2025-09-24T14:53:23","modified_gmt":"2025-09-24T18:53:23","slug":"lawsuit-about-whatsapp-security","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2025\/09\/24\/lawsuit-about-whatsapp-security\/","title":{"rendered":"Lawsuit About WhatsApp Security"},"content":{"rendered":"

Bruce Schneier<\/a>:<\/p>\n

\n

Attaullah Baig, WhatsApp’s former head of security, has filed a whistleblower<\/a> lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission.<\/p>\n<\/blockquote>\n\n

Dan Goodin<\/a>:<\/p>\n

The suit, filed in US District Court for the District of Northern California, recites a litany of purported security and privacy flaws that Meta not only didn’t fix after becoming aware of them, but also kept secret, allegedly in violation of a $5 billion settlement<\/a> then-Whatsapp parent company Facebook reached with the Federal Trade Commission.<\/p>

[…]<\/p>

During a red-team exercise designed to find and exploit security vulnerabilities so they can be fixed, Baig said he found that roughly 1,500 engineers inside the messenger division had “unrestricted access to user data, including personal information covered by the FTC Privacy Order, and could move or steal such data without detection or audit trail.”<\/p>

[…]<\/p>

The letter further alleged Meta leaders were retaliating against him and that the central Meta security team had “falsified security reports to cover up decisions not to remediate data exfiltration risks.”<\/p>

[…]<\/p>

As a result, the former WhatsApp head estimated that pictures and names of some 400 million user profiles were improperly copied every day, often for use in account impersonation scams.<\/p><\/blockquote>\n

He says that Meta thought the fixes would hamper user growth. Meta says his claims are distorted and that he was dismissed for poor performance.<\/p>\n\n

Previously:<\/p>\n