TikTok parent company ByteDance has fired four employees who improperly accessed the personal data of two journalists on the platform, TikTok spokesman Brooke Oberwetter confirmed to CNN on Thursday.
As ByteDance employees investigated potential employee leaks, they accessed the TikTok user data of the two journalists, who worked for the Financial Times and BuzzFeed, according to the company. The chief executives of TikTok and ByteDance disclosed to employees in two separate emails on Thursday that the employees involved, two in the United States and two in China, were fired after an investigation by an outside law firm on behalf of the companies.
Personal data obtained from journalists’ accounts included IP addresses, according to the spokesperson. IP addresses can provide information about a user’s location.
“The individuals involved abused their position to obtain TikTok user data,” TikTok CEO Shou Zhou said in an email to employees, according to excerpts of the email seen by CNN. “This is unacceptable.”
The disclosure could further intensify the scrutiny TikTok faces in the U.S. over national security concerns, given its ties to China. U.S. lawmakers have expressed concerns about the security of user data and the ability of the company’s Chinese employees to obtain information on U.S. TikTok users.
Criticism arose earlier this year after BuzzFeed News reported that some U.S. user data was repeatedly accessed from China, citing an employee who allegedly “saw everything in China.” TikTok has confirmed that U.S. user data can be accessed by some employees in China, but the company said security teams in the U.S. determine who can access U.S. user data from China.
In October, Forbes reported that ByteDance planned to use TikTok data to spy on certain U.S. citizens. In a report Thursday, Forbes named three journalists the firm is tracking. (TikTok declined to comment on whether the third reporter was actually affected.) The New York Times also reported that the contacts of several reporters on TikTok were traced, which the company declined to confirm.
“The misconduct of these individuals who are no longer employed by ByteDance is a serious abuse of their authority to gain access to user data,” Oberwetter said in a statement Thursday. “This type of inappropriate behavior is unacceptable and inconsistent with our efforts to earn the trust of our users on TikTok.”
In response to this incident, TikTok said it had restructured its internal audit and risk teams and removed those teams’ access to U.S. user data, according to a spokesperson. “We take data security very seriously and we will continue to strengthen our access protocols, which have been significantly improved and strengthened since the incident,” Oberwetter said.
The British Financial Times said in a statement that “surveilling journalists, interfering with their work or intimidating their sources is completely unacceptable. We will investigate this story more fully before deciding on our official response.”
In a statement to CNN, a BuzzFeed spokesperson said it was “deeply disturbed” by the disclosure, which it called a “blatant disregard for the privacy and rights of journalists and TikTok users.”
“More troublingly, this comes after a series of reports by BuzzFeed News revealed major problems within its parent company, from employees accessing data of U.S. users from China to ByteDance’s attempts to push pro-China messages to Americans,” a BuzzFeed spokesperson said.
More than a dozen states, including Maryland, South Dakota and Texas, have banned state employees from using TikTok on government-issued devices in recent weeks, and a small but growing number of universities have blocked access to TikTok on school-owned devices or Wi-Fi networks. The Senate passed a bill earlier this week banning TikTok from all U.S. government devices. Three lawmakers have introduced legislation aimed at banning the short-video app from operating in the United States.
TikTok is currently in protracted talks with the U.S. government on a potential deal to address national security concerns and keep the app serving U.S. customers. It also said it had taken steps to isolate U.S. user data from the rest of its business, including through a partnership with U.S.-based Oracle.
“Regardless of the cause or result, this misleading investigation is a serious violation of the company’s code of conduct and is condemned by the company,” ByteDance CEO Rubo Liang said in an email to employees on Thursday. “We simply cannot risk our integrity compromising the trust of our users, employees and stakeholders.”