China-based ByteDance, the parent company of short-form video making app TikTok, allegedly accessed the data of at least two US journalists and a “small number” of other people connected to them.
According to internal emails seen by The Verge, the accessed data includes the reporters’ IP addresses, “which were used to see if they had been physically near TikTok employees who were suspected of leaking information to the press”.
The revelation came as the US lawmakers aim to restrict TikTok over national security concerns, including banning it from government devices.
In October, TikTok denied that it used specific location data to track certain US individuals, pushing back against a Forbes report that alleged the app was planning on carrying out such monitoring.
Forbes had published an article alleging TikTok planned to use its app “to monitor the personal location of some specific American citizens.”
It was the Forbes report that prompted ByteDance’s investigation.
Earlier this month, the US state of Indiana sued TikTok over safety and security breaches.
Todd Rokita, Indiana’s attorney general, has accused TikTok’s parent company, ByteDance of violating the state’s consumer protection laws.
The state claims that the app fails to protect young people’s privacy.
TikTok said its policies take youth well-being into consideration.
The social media app has taken steps to distance itself from ByteDance.
In June, TikTok said it started routing US user data through Oracle to appease concerns that China-based employees could access US information.