TikTok employees accessed western journalists' data, ByteDance admits

TikTok employees tracked several journalists 'as part of a covert surveillance campaign'

ByteDance, the Chinese firm that owns popular video app TikTok, says it has found after conducting an investigation that some of its employees inappropriately accessed the data of users, including two journalists.

The company initiated the probe in response to a Forbes story published in October that stated ByteDance intended to utilise TikTok data to track specific US citizens.

Earlier, a BuzzFeed story claimed that data from US users had been frequently accessed from China. The story also cited a TikTok employee who said that "everything is seen in China."

ByteDance now says that over the summer, a few employees who were part of a team responsible for monitoring employee behaviour attempted to track down anonymous sources who were leaking confidential internal communications to media.

The staff were able to acquire two reporters' IP addresses and other information, as well as the data of a limited number of people linked to the reporters through their TikTok accounts.

According to ByteDance, the employees were looking to see whether those people were in touch with ByteDance personnel, although they were unable to locate any leaks.

Erich Andersen, who serves as general counsel for ByteDance, sent an email to the company's staff on Thursday in which he shared the results of the inquiry, which was conducted by an independent law firm.

ByteDance's CEO Liang Rubo sent a separate email to employees, stating that the company needs to "deeply reflect on our actions and think about how we can prevent similar incidents from happening again."

"No matter what the cause or the outcome was, this misguided investigation seriously violated the company ' s Code of Conduct and is condemned by the company," he added. "We simply cannot take integrity risks that damage the trust of our users, employees, and stakeholders."

On Thursday, Forbes reported that TikTok employees had tracked several Forbes journalists, including some who had previously worked at BuzzFeed, "as part of a covert surveillance campaign" aimed at identifying the source of leaks.

"We simply cannot take integrity risks that damage the trust of our users, employees, and stakeholders," Forbes said.

According to the New York Times, ByteDance confirmed that the targeted journalists were Cristina Criddle of the Financial Times and Emily Baker-White, who previously wrote for BuzzFeed and is now at Forbes.

The firm declined to identify any other TikTok users who were impacted.

Randall Lane, the chief content officer of Forbes, called the tracking of journalists a direct attack "on the idea of a free press and its critical role in a functioning democracy."

According to Forbes, ByteDance sacked Chris Lepitak, the chief internal auditor responsible for the company ' s Internal Audit and Risk Control department. In its October report, Forbes said that Lepitak was likely looking for information on the "location and details of the Oracle server that is central to TikTok ' s plans to limit foreign access to personal US user data."

ByteDance confirmed that the tracking campaign was being carried out by Lepitak's team. It added that all four of the staff members who participated in the campaign were terminated. Two of them were based in China, while two others were in the US.

ByteDance has since reorganised its internal audit department and restricted access to US data for that division.

The company officials said that they were taking extra precautions to safeguard user data.

ByteDance ' s latest admission will likely add to the pressure being applied to TikTok in the US by lawmakers and President Joe Biden's administration to address security concerns over the safety of US users ' data.

The US Senate has already approved a bill that contains a provision to prohibit federal workers from using TikTok on government-issued devices. The House will vote on the bill on Friday.

Several US states, including Maryland, Texas and Iowa, have also taken measures in recent months to prevent employees from installing TikTok on government devices.