Meta Faces Lawsuit Alleging WhatsApp Messages Were Accessible to Third Parties
New U.S. class action challenges one of WhatsApp’s core promises: that private messages are accessible only to sender and recipient.
A proposed class action lawsuit filed in federal court in California accuses Meta Platforms and its messaging subsidiary WhatsApp of allowing third parties to access users’ private messages—despite longstanding assurances that such communications are protected by end-to-end encryption.
The case, Shirazi et al. v. Meta Platforms, Inc. et al., was filed on March 25, 2026, in the U.S. District Court for the Northern District of California. It names Meta, WhatsApp LLC, and consulting firms Accenture PLC and Accenture LLP as defendants [1].
Allegations focus on access to message content
At the center of the complaint is a direct contradiction between WhatsApp’s public statements and what plaintiffs describe as internal practices. WhatsApp has consistently told users that their personal messages are secured with end-to-end encryption and that “not even WhatsApp can see them” [2].
The lawsuit disputes that claim. It alleges that Meta and its contractors had mechanisms allowing them to “intercept, access, read, store, and/or view” message content in certain circumstances [1]. According to the filing, these processes were tied to moderation systems, fraud detection, or compliance-related workflows—but were not adequately disclosed to users.
The complaint characterizes this as a structural “backdoor,” though it does not claim that encryption itself is universally broken. Instead, the focus is on alleged internal access points that bypass user expectations of absolute privacy.
Whistleblower claims and prior reporting
The lawsuit draws on earlier reporting and whistleblower-style allegations suggesting that some Meta employees and external contractors had broader access to WhatsApp data than publicly acknowledged.
In January 2026, Bloomberg reported that U.S. authorities were examining claims from former contractors who said internal teams could access message content as part of operational workflows [5]. The report indicated involvement by the U.S. Department of Commerce, although no formal findings have been made public.
These claims are now being cited in court—but remain unproven. The lawsuit itself is at an early stage and has not yet been tested through discovery or judicial review.
Scope of the case
The plaintiffs seek to represent a nationwide class of U.S. WhatsApp users who sent or received messages on the platform from April 5, 2016 to the present [3]. Additional subclasses are proposed for California and Pennsylvania residents.
The complaint alleges violations of multiple privacy laws, including the Electronic Communications Privacy Act, the Stored Communications Act, and California’s Invasion of Privacy Act [1].
Requested remedies include injunctive relief, restitution, disgorgement of profits, and various categories of damages, including statutory and punitive damages where applicable [4].
Key issue: expectation vs. implementation
The case does not hinge solely on whether encryption exists, but on whether WhatsApp’s implementation—and internal handling of messages—matches how the product is described to users.
If the allegations are substantiated, the legal risk for Meta would center on misrepresentation and unlawful access, rather than a simple technical failure of encryption.
For now, however, the claims remain allegations. Meta has not been found liable, and the court has not yet ruled on the substance of the case.
Sources and notes
[1] Complaint: Shirazi et al. v. Meta Platforms, Inc. et al., No. 3:26-cv-02615, filed March 25, 2026, U.S. District Court, Northern District of California
[2] WhatsApp Privacy Page: states that personal messages are end-to-end encrypted and “not even WhatsApp can see them”
[3] Class definition: U.S. WhatsApp users from April 5, 2016 to present (as defined in the complaint)
[4] Relief sought: injunctive relief, restitution, disgorgement, and statutory, compensatory, and punitive damages (complaint)
[5] Bloomberg (Jan 2026): Report on U.S. authorities examining contractor claims about internal access to WhatsApp messages