ByteDance, the parent company behind TikTok, admitted this week a handful of its employees, some based in China, inappropriately accessed TikTok data of U.S. users and two journalists when conducting an investigation attempting to snuff out the source of a damning leak.
TikTok CEO Shou Chew reportedly admitted the overreach in a memo sent to employees viewed by Bloomberg. The revelations follow a months-long internal investigation at the company spurred by a Forbes investigation earlier this year alleging the company planned to use the TikTok app to track certain U.S. users’ locations. ByteDance’s investigation this week determined several employees accessed ID addresses and other personal data from a pair of BuzzFeed News and Financial Times reporters and an unknown number of U.S. users who they were in contact with. Those leaker hunters were reportedly attempting to see if the targeted users were within the proximity of ByteDance employees. Those efforts came up empty.
“The misconduct of certain individuals, who are no longer employed at ByteDance, was an egregious misuse of their authority to obtain access to user data,” the spokesperson said in an email to Gizmodo. “This misbehavior is unacceptable, and not in line with our efforts across TikTok to earn the trust of our users. We take data security incredibly seriously, and we will continue to enhance our access protocols, which have already been significantly improved and hardened since this incident took place.
ByteDance, according to The New York Times, says it fired all four of the employees who accessed the U.S. users’ data. Two of those employees were reportedly based in China while the other two were based in the U.S. Following the investigation, ByteDance reportedly restructured its internal audit team and removed the department’s access to U.S. data but executives fear the damage is already done.
“The public trust that we have spent huge efforts building is going to be significantly undermined by the misconduct of a few individuals,” ByteDance Chief Executive Rubo Liang said according to emails seen by the Times.
The findings come around six months after a BuzzFeed News report which cited leaked audio from TikTok meetings that allegedly confirms U.S. user data has repeatedly been accessed from China. That report claimed engineers had access to U.S. user data for five months between September 2021 and January 2022.
U.S., lawmaker chomping at the bit to restrict TikTok’s access will almost surely try to capitalize on the latest overreaches to argue in favor of new legislation taking aim at the company. Just last week, a bipartisan group of U.S. lawmakers including Senator Marco Rubio and representatives Mike Gallagher and Raja Krishnamoorthi introduced a new bill that, if passed, would effectively ban TikTok from operating in the U.S. Specifically, the bill would call on President Joe Biden to block all U.S transactions with TikTok and ByteDance, something former president Donald Trump flirted with, over claims ByteDance’s collection of American user data represents a national security threat.