- TikTok US user data was accessed by engineers at its Chinese parent company for at least four months, BuzzFeed News reports.
- The outlet reported the data was accessed repeatedly from China, based on leaked audio.
- It could raise fresh privacy concerns for TikTok, which has already been under government scrutiny.
TikTok data on its US users has been repeatedly accessed by China-based employees of the social platform’s Chinese parent company, ByteDance, according to audio from over 80 internal TikTok meetings obtained by BuzzFeed News.
Based on the leaked audio, BuzzFeed News reported that:
- Engineers in China had access to the US user data at least between September 2021 and January 2022.
- US-based TikTok employees did not know how to — and did not have permission to — access the data, and relied on staff in China to do so.
A spokesperson provided a statement to BuzzFeed News in response to its story.
“We know we’re among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data,” the spokesperson told BuzzFeed. “That’s why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses.”
In a statement provided to Insider, a spokesperson said:
“As we’ve publicly stated, we’ve brought in world class internal and external security experts to help us strengthen our data security efforts. This is standard industry practice given the complexity of data security challenges. In May, we created a new in-house department, U.S. Data Security (USDS), with US-based leadership, to provide a greater level of focus and governance on US data security. The creation of this organization is part of our ongoing effort and commitment to strengthen our data protection policies and protocols, further protect our users, and build confidence in our systems and controls.”
On the audio, one director at TikTok referred to a ByteDance engineer as a “Master Admin” who “has access to everything,” according to BuzzFeed News.
On Friday, the same day that BuzzFeed News published its report, TikTok announced that “100% of US user traffic is being routed to Oracle Cloud Infrastructure,” rather than being stored in its own data centers in the US and Singapore.
Last year, consultants were brought in to TikTok to help with data migration and review the flow of data from TikTok to ByteDance’s internal tools, according to BuzzFeed News.
“I feel like with these tools, there’s some backdoor to access user data in almost all of them, which is exhausting,” one consultant told TikTok employees, according to BuzzFeed News.
The BuzzFeed News report is sure to raise fresh privacy and national-security concerns that have been on the radar of both former President Trump and President Biden, as the Chinese government has recently cracked down on local tech companies like ByteDance.
As TikTok grew into a social-media juggernaut in 2020, Trump set a deadline of September 20 that year for ByteDance to find a US buyer for the platform. If it didn’t, Trump’s order would have banned new app downloads in the US and updates for existing users. On November 12, the Trump administration would have targeted the app’s functionality.
But after potential deals with Microsoft and Oracle fell through, the deadlines passed without action by the US government.
And earlier this year, the Biden Administration proposed new rules that would give the US government more oversight over apps that could be a national-security risk, including TikTok.