This article is more than 1 year old

TikTok confirms it tracked journalists' locations as part of leak investigation

As if you needed another reason to delete the app right now

Video sharing platform TikTok and its parent company ByteDance are leakier than a sieve – and it has emerged that in an attempt to plug the holes, members of ByteDance's internal audit team tracked the physical location of journalists via their IP addresses.

The idea was to check the journalists' proximity, through their TikTok accounts, to ByteDance staffers who could be feeding them information. Nothing came of the invasion of privacy.

Writers at the Financial Times, Forbes and a number of people close to them were targeted. Both outlets have published articles critical of TikTok based on leaked information – ranging from the firing of an exec for saying he "didn't believe" in maternity leave to TikTok's ties to China and the Chinese Communist Party.

TikTok spokesperson Hilary McQuaide appears to have confirmed the abuse, telling Forbes: "The misconduct of certain individuals, who are no longer employed at ByteDance, was an egregious misuse of their authority to obtain access to user data. This misbehavior is unacceptable, and not in line with our efforts across TikTok to earn the trust of our users."

Among those let go were chief internal auditor Chris Lepitak, his boss China-based exec Song Ye, and two others.

More leaked material further confirmed the scandal. ByteDance CEO Rubo Liang said in an internal email: "I was deeply disappointed when I was notified of the situation… and I'm sure you feel the same. The public trust that we have spent huge efforts building is going to be significantly undermined by the misconduct of a few individuals… I believe this situation will serve as a lesson to us all."

"It is standard practice for companies to have an internal audit group authorized to investigate code of conduct violations," TikTok General Counsel Erich Andersen wrote in another leaked email. "However, in this case individuals misused their authority to obtain access to TikTok user data."

What sparked the surveillance campaign was an article by Forbes that said ByteDance planned to use TikTok to monitor the location of specific American citizens. The companies did not deny the claims but posted on Twitter that "TikTok has never been used to 'target' any members of the US government, activists, public figures or journalists," and that "TikTok could not monitor US users in the way the article suggested." However, Forbes said CEO Liang's internal email acknowledged TikTok had been used in exactly this way.

TikTok is in the process of migrating its data to Oracle cloud servers due to national security concerns from the United States government. However, staff told the New York Times that the rogue employees had accessed historical data. This data is supposed to be deleted once migration is complete.

The snooping bombshell comes amid a rising backlash against TikTok from US officials. A number of states and government organizations have banned personnel from installing the app on government-issued devices – with good reason, if these revelations are anything to go by.

A spokesperson told us: "ByteDance condemns this misguided plan that seriously violated the company's Code of Conduct. We have taken disciplinary measures and none of the individuals found to have directly participated in or overseen the misguided plan remain employed at ByteDance." ®

More about


Send us news

Other stories you might like