These are revelations that put TikTok in even more difficulty: its data centers would be real mills. These are 7 employees of the social network who claim that these centers are the place of serious data security breaches.
For years, TikTok has tried to reassure the US government that its users’ private data is secure and free from Chinese influence. This data is stored in a set of data centers located in the United States, in the state of Northern Virginia. However, Forbes reveals in an investigation of serious security flaws concerning TikTok’s servers in the United States. The media conducted its investigation by interviewing seven current and former employees on condition of anonymity and by analyzing more than 60 documents, photos and videos from the social network’s data centers.
TikTok servers, more accessible than a mill
Like many tech giants, TikTok leases space in large data centers in Northern Virginia. TikTok’s server rooms in these centers are managed partly by its parent company, ByteDance, and partly by contract workers from data center management companies. To ensure their safety, TikTok says its “Virginia data center includes physical and logical security controls such as protected entry points, firewalls, and intrusion detection technologies.”
However, seven current and former employees interviewed by Forbes say security at sites is variable or even lax. Contrary to company policy, they claim that unaccompanied outside visitors were able to plug USB drives into company servers.
They are also the machines used to erase and destroy obsolete hard drives that often go out of service, requiring staff to transport the drives to other data centers for recycling. These piles of hard drives were sometimes left unattended in mall hallways, and one employee claims that “anyone with bad intentions could have just taken them, and we wouldn’t have known it“. These problems are said to be due to the fact that TikTok needed a rapid increase in its data storage capacity, at the expense of the security of its data centers.
Documents also suggest that TikTok’s data center operations are still closely tied to ByteDance’s business in China, contrary to what the social network claims in Europe and the United States. Among other vendors, the data centers use servers produced by Inspur, an electronics company suspected of being controlled by the Chinese military.
Worse still, some documents also show that just last week, server work orders were sent to data center technicians by Beijing ByteDance Technology. This ByteDance subsidiary has the particularity of being partially owned by the Chinese government, which TikTok has always claimed has no control over its operations.
TikTok faces ever more difficulties
These revelations come at a critical time for TikTok. Accused of being China’s spy, the app could soon be banned in the United States for allegedly stealing valuable data about American citizens or being used by China to influence political trends. The US government is demanding that Bytedance sell TikTok to an American company, or risk being banned.
The European Union is following the same movement, particularly in France where TikTok is now banned on the phones of civil servants.
Last week it was also Bloomberg who released an investigation into the TikTok algorithm that encourages vulnerable teenagers to commit suicide. In short, nothing is going well for the Chinese social network.
TikTok’s response
Under the threat of a ban in the United States, the social network claimed that it would remove the private data of American users from its servers, isolating them in a set of data centers belonging to Oracle. Despite these beautiful declarations of intent, the CEO of TikTok declared last month before a parliamentary committee that the data of American users was still today on his servers in Virginia.
In response to Forbes’ investigation, TikTok admitted to using Inspur servers, but the app says it didn’t “no longer stocked with this supplier for some time“, while pointing out that Inspur has also worked with other large American companies, including Microsoft, IBM and Intel.
To read: This TikTok filter worries professionals: “even with cosmetic surgery, you will never have this rendering”
The company also explains that the orders received from Beijing ByteDance Technology (its subsidiary partially owned by the Chinese government) are “an artifact of a ticketing system“, Who “does not provide any access to user data” and therefore that Beijing ByteDance Technology “does not participate in the management, operation or control of our data centers“. Again, the company is on the defensive:
“Over the past few years, we have increased our investments in people, processes and technology to help protect our community, including building a dedicated team for data center operations, maintenance and to compliance.”
Source : Forbes
