The letter outlined not solely the improper entry engineers needed to WhatsApp person knowledge, however quite a lot of different shortcomings, together with a “failure to stock person knowledge,” as required below privateness legal guidelines in California, the European Union, and the FTC settlement, failure to find knowledge storage, an absence of techniques for monitoring person knowledge entry, and an incapacity to detect knowledge breaches that had been normal for different firms.
Final yr, Baig allegedly despatched a “detailed letter” to Meta CEO Mark Zuckerberg and Jennifer Newstead, Meta basic counsel, notifying them of what he mentioned had been violations of the FTC settlement and Safety and Trade Fee guidelines mandating the reporting of safety vulnerabilities. The letter additional alleged Meta leaders had been retaliating towards him and that the central Meta safety crew had “falsified safety studies to cowl up selections to not remediate knowledge exfiltration dangers.”
The lawsuit, alleging violations of the whistleblower safety provision of the Sarbanes-Oxley Act handed in 2002, mentioned that in 2022, roughly 100,000 WhatsApp customers had their accounts hacked day by day. By final yr, the criticism alleged, as many as 400,000 WhatsApp customers had been getting locked out of their accounts every day on account of such account takeovers.
Baig additionally allegedly notified superiors that knowledge scraping on the platform was an issue as a result of WhatsApp did not implement protections which are normal on different messaging platforms corresponding to Sign and Apple Messages. Because of this, the previous WhatsApp head estimated that photos and names of some 400 million person profiles had been improperly copied day by day, usually to be used in account impersonation scams. The criticism acknowledged:
Specifically, Mr. Baig beneficial limiting customers from accessing different customers’ profiles except the opposite person has them of their contacts, has messaged them earlier than, or is in the identical group chat with them. Mr. Baig talked about that WhatsApp is at present leaking Lined Data on thousands and thousands, if not billions, of customers day by day and WhatsApp is severely below reporting scraping Lined Incidents to the FTC and different regulators. Mr. Baig additionally cited the robust protections that iMessage and Sign provide towards profile scraping in comparison with WhatsApp.
Meta leaders allegedly rebuffed the advice on the grounds it could hamper WhatsApp person development.
In an electronic mail, a WhatsApp consultant wrote: “Sadly this can be a acquainted playbook wherein a former worker is dismissed for poor efficiency after which goes public with distorted claims that misrepresent the continued exhausting work of our crew. Safety is an adversarial house and we pleasure ourselves in constructing on our robust report of defending folks’s privateness.”
