SAN FRANCISCO: Telegram founder Pavel Durov has publicly criticized WhatsApp security following a U.S. class-action lawsuit alleging that Meta, WhatsApp’s parent company, misled users about the privacy of their encrypted messages.
On January 26, Durov wrote on X: “You’d have to be brain-dead to believe WhatsApp is secure in 2026. When we analyzed how WhatsApp implemented its ‘encryption,’ we found multiple attack vectors.”
Read More: ‘Pick a side’: Ukraine invasion dilemma for US Big Tech
Durov, 41, launched Telegram in 2013, which now has over one billion active users worldwide. He previously created VK, one of Russia’s leading social media networks.
Telegram founder Pavel Durov slams WhatsApp security
‘You’d have to be braindead to believe WhatsApp is secure in 2026’
Who do you trust with your chats in 2026? pic.twitter.com/IiNqPqBwYs
— RT (@RT_com) January 27, 2026
The lawsuit, filed by an international group of complainants in a U.S. federal court, challenges WhatsApp’s promise of default end-to-end encryption using the Signal protocol. Plaintiffs claim that, despite in-app assurances that “only people in this chat can read, listen to, or share,” Meta can access, store, and analyze most user communications. The complaint cites information from undisclosed internal whistleblowers to substantiate the claims.
Meta has rejected the allegations. Spokesperson Andy Stone called the lawsuit “foolish” and stated that the company “will pursue sanctions against plaintiffs’ counsel,” emphasizing that claims about WhatsApp’s encryption are “categorically false and absurd.” WhatsApp head Will Cathcart also dismissed the case as “a no-merit, headline-seeking lawsuit,” noting that encryption keys reside locally on users’ devices.
The debate over messaging security intensified after Elon Musk questioned WhatsApp’s encryption while promoting his own X Chat service, stating, “WhatsApp is not secure. Even Signal is questionable. Use X Chat.”
Read More:
Forbes highlighted that, unlike WhatsApp, neither Telegram nor X Chat provides the same level of comprehensive end-to-end encryption, leaving users with different security assurances depending on the platform.