ByteDance, the Chinese parent company behind the popular video-sharing platform TikTok, on Thursday, admitted that four of its TikTok employees had inappropriately gained access to TikTok data of some U.S. users, including journalists.
The data that was accessed by these employees this summer was part of an unsuccessful attempt to find the suspected leaks of internal conversations and other communications to outside journalists.
RELATED: Best Alternatives To TikTok
According to internal emails reviewed by The New York Times, the four ByteDance employees — two U.S. based and the other two based in China, who were found guilty have been fired for taking part in the scheme. The company’s investigation was led by an outside law firm.
The Times noted that the two reporters whose data was accessed were of a former BuzzFeed reporter and a Financial Times reporter. Not just this, but a small number of people who were connected to the two reporters were also targeted.
“The individuals looked at the IP addresses of the journalists to try to determine if they were in the same location as the employees suspected of leaking confidential information, notwithstanding the fact that IP addresses would only yield approximate location information,” said the internal email from TikTok general counsel Erich Andersen.
“Not surprisingly, their ill-considered efforts did not result in identifying the sources of the leaks. Nonetheless, their access to user data in connection with these efforts was a significant violation of the company’s Code of Conduct.”
ByteDance reportedly said it is restructuring its Internal Audit and Risk Control (IARC), as well as removing all user data access and permissions for the IARC department.
Liang Rubo, ByteDance’s Chief Executive, said that he was “deeply disappointed” in the findings.
“The public trust that we have spent huge efforts building is going to be significantly undermined by the misconduct of a few individuals,” Liang wrote to employees in the email.
A TikTok spokesperson called it “an egregious misuse of their authority to obtain access to user data” by the now-terminated employees.
“The misconduct of certain individuals, who are no longer employed at ByteDance, was an egregious misuse of their authority to obtain access to user data. This misbehavior is unacceptable, and not in line with our efforts across TikTok to earn the trust of our users,” the spokesperson told in a statement.
“We take data security incredibly seriously, and we will continue to enhance our access protocols, which have already been significantly improved and hardened since this incident took place.”
In a separate email to its employees, TikTok CEO Shou Zi Chew referred to the incident as “the poorly conceived acts of a few people” and said that the misconduct was inconsistent with the short video app’s values.
Earlier this October, TikTok had strongly denied a story by Forbes that ByteDance had planned to use the platform to collect approximate locations of specific American citizens by using IP addresses. ByteDance’s investigation, which was a result of this report, ultimately led to the firing of the four employees.
The revelation comes at a time when U.S. lawmakers are taking measures to restrict TikTok over national security concerns, including banning from all government devices, as they are worried it may be used as a spy tool by China or to influence U.S. citizens. Even MPs from both the U.S. parties have introduced bills to ban the short video app.
