Chinese social media giant TikTok has admitted that it accessed the private data of two journalists without their knowledge.
On Thursday, the parent company of the popular video app said its employees improperly accessed the journalist’s data as part of a failed effort to investigate leaks of company information.
The employees looked at journalists’ IP addresses to find out if they were in the same location as employees suspected of leaking confidential information.
The revelation, previously reported by the New York Times, could add to the pressure TikTok in Washington faces from lawmakers and the Biden administration over security concerns related to US user data.
A person briefed on the matter said four employees of ByteDance (TikTok’s parent company) involved in the incident were fired, including two in China and two in the United States. Company officials said they were taking additional steps to protect user data.
Congress will pass legislation this week to ban U.S. government employees from downloading or using TikTok on their government-owned devices, and more than a dozen governors have banned state employees from using TikTok on state-owned devices.
The Financial Times said in a statement that ‘Spying on reporters, interfering with their work or intimidating their sources is completely unacceptable. We will investigate this story more thoroughly before deciding on our formal response.”
BuzzFeed News spokesperson Lizzie Grams said the company was deeply disturbed by the report, saying it showed “a blatant disregard for the privacy and rights of both journalists and TikTok users.”
On Thursday, Forbes reported that ByteDance had been tracking several Forbes journalists, including some who formerly worked at BuzzFeed “as part of a covert surveillance campaign” to discover the source of leaks.
Randall Lane, Forbes’ chief content officer, called it “a direct attack on the idea of a free press and its critical role in a functioning democracy.”
TikTok chief executive Shou Zi Chew said in a separate email to employees seen by Reuters that such “misconduct is not at all representative of what I know to be the principles of our company.”
He said the company “will continue to improve these access protocols, which have already been significantly improved and hardened since this initiative took place.”
Chew said the company had spent the past 15 months building TikTok US Data Security (USDS) to ensure protected TikTok US user data remains in the United States.
“We are completing the migration of US protected user data management to the USDS division and have been systematically cutting access points,” he wrote.
ByteDance also said it was restructuring its Internal Audit and Risk Management department, and the global research function would be split and restructured.
The US Government Committee on Foreign Investment in the United States (CFIUS), a national security agency, has been trying for months to reach a national security agreement with ByteDance to protect the data of more than 100 million US TikTok users, but it appears no deal will be made. reached before the end of the year.
MORE: How to create a celebratory feast inspired by TikTok’s food trends for 2022
MORE: TikTok shows teens ‘eating disorder and self-harm within minutes’