MANILA, Philippines – TikTok and its parent company ByteDance found out that employees abused their privileges to track journalists in an effort to stop leaks of information from the company.

Forbes reported (paywalled) on Thursday, December 22, that ByteDance’s internal investigation discovered that employees accessed the IP addresses and user data of Forbes journalists to try and figure out if the journalists were in the general area of a ByteDance employee – seen as a potential information leak.

ByteDance fired Chris Lepitak, its chief internal auditor, while China-based executive Song Ye, who Lepitak reported to and who reports directly to ByteDance CEO Rubo Liang, resigned as a result of the investigation.

Liang wrote in an internal email shared with Forbes he was “deeply disappointed” when he was informed of the situation, noting that “The public trust that we have spent huge efforts building is going to be significantly undermined by the misconduct of a few individuals. … I believe this situation will serve as a lesson to us all.”

As Tiktok surges, the China and disinformation specter looms large

In a separate internal email shared with Forbes, TikTok General Counsel Erich Andersen said that while it was standard practice for there to be an internal audit group authorized to investigate violations of the company’s code of conduct, “in this case individuals misused their authority to obtain access to TikTok user data.”

Targeting reporters

A December 23 report from The Guardian, citing an email from Andersen, said the spying targeted Emily Baker-White, a former BuzzFeed reporter who’s now with Forbes, and Cristina Criddle of the Financial Times, among others. Though the attempts were unsuccessful, it resulted in at least four members of staff based in both the US and China improperly accessing such data.

Forbes reported on these surveillance tactics in October. Asked for comment, ByteDance and TikTok did not deny the surveillance, but tweeted that “TikTok has never been used to ‘target’ any members of the US government, activists, public figures or journalists.”

They also said “TikTok could not monitor US users in the way the article suggested.”

Liang acknowledged later on through an internal email that TikTok had been used in the manner Forbes earlier reported on.

Randall Lane, chief content officer of Forbes, slammed ByteDance for the action, calling it “a direct assault on the idea of a free press and its critical role in a functioning democracy.”

“We await a direct response from ByteDance, as this raises fundamental questions about what they are doing with the information they compile from TikTok users,” Lane added.

TikTok spokesperson Hilary McQuaide commented on the reporting, saying, “The misconduct of certain individuals, who are no longer employed at ByteDance, was an egregious misuse of their authority to obtain access to user data. This misbehavior is unacceptable, and not in line with our efforts across TikTok to earn the trust of our users.”

While this is not the first instance of a tech company using its resources to spy on journalists – Uber had previously been in hot water after former executive Josh Mohrer tracked a journalist using Uber’s internal “God View” tool without her consent – what distinguishes the ByteDance-TikTok issue is that TikTok told lawmakers in June 2022 that access to certain data of US users would be “limited only to authorized personnel, pursuant to protocols being developed with the US Government.”

ByteDance’s disclosure may add further pressure on TikTok, which is partially blocked on computers used by federal employees in 19 US states, and lower its profile among privacy-conscious users. –