Whistle-Blower Sues Meta Over Claims of WhatsApp Security Flaws (nytimes.com)
- Reference: 0179088470
- News link: https://yro.slashdot.org/story/25/09/08/1647240/whistle-blower-sues-meta-over-claims-of-whatsapp-security-flaws
- Source link: https://www.nytimes.com/2025/09/08/technology/whatsapp-whistleblower-lawsuit.html
> In the lawsuit filed in the U.S. District Court of the District of Northern California, Attaullah Baig claimed that thousands of WhatsApp and Meta employees could gain access to sensitive user data including profile pictures, location, group memberships and contact lists. Meta, which owns WhatsApp, also failed to adequately address the hacking of more than 100,000 accounts each day and rejected his proposals for security fixes, according to the lawsuit.
>
> Mr. Baig tried to warn Meta's top leaders, including its chief executive, Mark Zuckerberg, that users were being harmed by the security weaknesses, according to the lawsuit. In response, his managers retaliated and fired him in February, he claims. Mr. Baig, who is represented by the whistle-blower organization Psst.org and the law firm Schonbrun, Seplow, Harris, Hoffman & Zeldes, argued in the suit that the actions violated a privacy settlement Meta reached with the Federal Trade Commission in 2019, as well as securities laws that require companies to disclose risks to shareholders.
InfoSec Victims. (Score:2, Insightful)
While most might be wrapped up in the labels (Meta, WhatsApp, etc.), we shouldn’t overlook the core of the issue; an InfoSec professional was fired for merely wanting to do his job. Also known as the job he was hired to do.
Without getting into detail, I know the fucking feeling. And we should probably be more focused on that than bullshit brands and labels that enable the kind of finger pointing that overlooks the core issue. If InfoSec professionals are going to continue to be targeted and/or bec
Re: (Score:2)
> While most might be wrapped up in the labels (Meta, WhatsApp, etc.), we shouldn’t overlook the core of the issue; an InfoSec professional was fired for merely wanting to do his job. Also known as the job he was hired to do.
If he really thought that "InfoSec professionals are hired to improve security and protect privacy", then he was very, very naive. Company executives hire "InfoSec professionals" to tick off a box on their "cover your ass!"-list, such that they can get a "cyber-crime insurance" and have a scapegoat to point at when the security shit hits the fan. The last thing expected from an "InfoSec professional" is to burden the next quarter bottom line with any substantial cost/effort for implementing real, technical
And this is why I choose Signal (Score:3)
In spite of its metadata-creating privacy violations. (And I worked for Meta for a bit.)
Re: (Score:2)
That's just it, isn't it? If there is no privacy, they have an out for why the data is out there.
Meta claims security, but doesn't care to apply it.
Bots all over, and no care for anything. It's almost as if they see their users as pawns.
Re: (Score:2)
> * profile pictures
WhatsApp offers the following settings:
Profile photo
Who can see my Profile Photo
- Everyone
- My contacts
- My contacts except...
- Nobody
I think the default is Everyone.
There is also a setting for "who can see my Live Location". Since I don't allow WhatsApp to access my location at all, that one is firmly off.