Lawsuit About WhatsApp Security - Schneier on Security


Attaullah Baig, WhatsApp's former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission.

The lawsuit, alleging violations of the whistleblower protection provision of the Sarbanes-Oxley Act passed in 2002, said that in 2022, roughly 100,000 WhatsApp users had their accounts hacked every day. By last year, the complaint alleged, as many as 400,000 WhatsApp users were getting locked out of their accounts each day as a result of such account takeovers.

Baig also allegedly notified superiors that data scraping on the platform was a problem because WhatsApp failed to implement protections that are standard on other messaging platforms, such as Signal and Apple Messages. As a result, the former WhatsApp head estimated that pictures and names of some 400 million user profiles were improperly copied every day, often for use in account impersonation scams.

More news coverage.

Tags: Facebook, vulnerabilities, WhatsApp, whistleblowers
Posted on September 15, 2025 at 7:05 AM
6 Comments

tfb


September 15, 2025 12:52 PM

The claim that

As a result, the former WhatsApp head estimated that pictures and names of some 400 million user profiles were improperly copied every day

is curious. WhatsApp has something like 3 billion users, so this means the entire userbase is being leaked every 10 days. Or it's the same 400 million every day, or there is a huge overlap, which makes this a misleading claim at best.

Or someone has got confused between thousands and millions.

KC


September 15, 2025 10:00 PM

Someone on ArsTechnica was kind enough to post the court docket and complaint, Baig v. Meta Platforms.

Through the SOX complaint, Mr. Baig demonstrates how WhatsApp's growth as goal 1 leaves only token assurances for privacy and security in a world where regulation shields material impacts.

In a 2022 meeting, WhatsApp's head of Global Public Policy had the wherewithal to ask if WhatsApp was teetering with a Mudge Twitter scenario. Mr. Baig sent them the link to the Forbes article detailing Zatko's Twitter accusations of fraud and securities violations.

Of particular concern to Mr. Baig was the possibility that WhatsApp's and Meta's leadership could face criminal liability for misrepresenting the Respondents' cybersecurity capabilities and risks, similar to the charges brought against Uber's Chief Information Security Officer (CISO) and the CISO of SolarWinds.

When Baig met with WhatsApp's product manager for Privacy Infrastructure in 2023, the gentleman declared, "I don't worry much about the FTC Order. We have lawyers for that."

iAPX


September 16, 2025 6:07 AM

WhatsApp and security in the same sentence?
Shouldn't it be ruled illegal, or at least laughable?

The fun part of WhatsApp and many other secure chat is that they are structured to enable Palantir and Palantir-alike data harvesting and processing.

And it's not a feature, it's the core product.

LtWorf


September 16, 2025 10:30 AM

Remember

Do you remember when the author of this very blog was repeatedly suggesting that WhatsApp was the second best option for secure communications?

Kinda Irritated


September 16, 2025 3:12 PM

LtWorf:

Actually, no. Doing a search, I see plenty of negative articles on WhatsApp.
Except for maybe this:

7 years ago:

Russia has banned the secure messaging app Telegram. It's making an absolute mess of the ban, blocking 16 million IP addresses, many belonging to the Amazon and Google clouds, and it's not even clear that it's working. But more importantly, I'm not convinced Telegram is secure in the first place.

Such a weird story. If you want secure messaging, use Signal. If you're concerned that having Signal on your phone will itself arouse suspicion, use WhatsApp.

Sounds more like Bruce was advocating using something rather than nothing. I'm sure most readers of this blog have two brain cells to rub together and have a healthy suspicion of anything put out by Facebook.

Brigita Private Limited


September 22, 2025 11:39 PM

This is a very timely discussion. Security and privacy lawsuits around platforms like WhatsApp highlight how critical it is for businesses and users to rethink their approach to communication security. End-to-end encryption is often seen as the gold standard, but issues like metadata exposure and regulatory challenges show that there's still a lot of work to be done.

At Brigita, we've observed how enterprises are increasingly moving toward secure cloud-based communication and infrastructure solutions to minimize such risks. The focus is shifting from just having encryption to building a holistic security framework that includes compliance, access management, and real-time monitoring.

Really appreciate the depth of this post; it sheds light on the broader implications of communication security in today's digital environment.


I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc. This personal website expresses the opinions of none of those organizations.