Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source of leaks to the media, the company admitted Friday.
TikTok has gone to great lengths to convince customers and governments of major markets like the United States that users’ data privacy is protected and that it poses no threat to national security.
But parent company ByteDance told AFP on Friday that several staffers accessed two journalists’ data as part of an internal probe into leaks of company information to the media.
They had hoped to identify links between staff and a Financial Times reporter and a former BuzzFeed journalist, an email from ByteDance’s general counsel Erich Andersen seen by AFP said.
Both journalists previously reported on the contents of leaked company materials.
None of the employees found to have been involved remained employed by ByteDance, Andersen said, though he did not disclose how many had been fired.
In a statement to AFP, ByteDance said it condemned the “misguided initiative that seriously violated the company’s Code of Conduct”.
Employees had obtained the IP addresses of the journalists in a bid to determine whether they were in the same location as ByteDance colleagues suspected of disclosing confidential information, a company review of the scheme led by its compliance team and an external law firm found, according to Andersen.
The plan failed, however, partly because the IP addresses only revealed approximate location data.
TikTok has again come under the spotlight in the United States, with Congress poised to approve a nationwide ban on using the wildly popular short-video app on government devices owing to perceived security risks.
The House of Representatives could this week adopt a law prohibiting the use of TikTok on the professional phones of civil servants, a move that would follow bans in around 20 US states.
TikTok has sought to convince US authorities that US data is protected and stored on servers located in the country.
But following media reports, it has also admitted that China-based employees had access to US users’ data, although the company insisted it was under strict and highly limited circumstances.