One ByteDance engineer in Beijing was referred to as a 'Master Admin' for TikTok.
Regardless of what TikTok says publicly, it seems the short-form video hosting service has been sharing US user data with China.
As BuzzFeed reports(Opens in a new window), leaked audio from more than 80 internal TikTok meetings reveals engineers working for ByteDance (TikTok's parent company) in China could see everything. In total, 14 statements from nine different TikTok employees confirmed access to the data by individuals located in China.
The evidence is quite damning, with US employees either not having permission to or knowledge of how to access US user data themselves. Instead, someone in China had to access it for them, with at least one ByteDance engineer in Beijing referred to as a "Master Admin."
It's unclear exactly how long US data has been accessible in China, but the leaked audio confirms it was available from Sept. 2021 to Jan. 2022 at the very least. That's a key bit of information to keep in mind when you consider TikTok released a statement back in 2019(Opens in a new window) which said, "We store all TikTok US user data in the United States, with backup redundancy in Singapore. Our data centers are located entirely outside of China, and none of our data is subject to Chinese law."
While that statement above may be true, the company also stated "TikTok does not operate in China, nor do we have any intention of doing so in the future," clearly ByteDance employees in China are treated separately.
In response to the leaked audio, TikTok spokesperson Maureen Shanahan told BuzzFeed:
"We know we're among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data. That's why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses."
On the same day BuzzFeed revealed details of the leaked audio, TikTok announced(Opens in a new window) it has been working with Oracle for more than a year to "better safeguard our app, systems, and the security of US user data."
All US user traffic is now routed through the Oracle Cloud Infrastructure and TikTok expects to delete US users' private data from its own data centers in the US and Singapore. TikTok also explains how it has a new department "with US-based leadership, to solely manage US user data for TikTok."
Switching to Oracle's cloud and pledging to manage US data in the US suggests no more ByteDance engineers will have access to it. However, TikTok's management would be naive to think this was the end of the matter. If anything, it's more likely to be just the beginning of fresh scrutiny over the company's practices.
- Karlston
-
1
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.