The pet cat account on TikTok that may have been used to spy on a British journalist
[ad_1]
Reporter Cristina Criddle says it was ‘scary’ to learn that her data had been accessed. Cristina Criddle was informed by TikTok that personal data on her account had been accessed by employees of the ROBERT TIMOTHY/BBC network Two days before last Christmas, TikTok called journalist Cristina Criddle, from London, to tell her that two employees of the company in China and two in the US had viewed users’ personal account data without their knowledge or consent. “It was really scary and horrible, a rape,” she says. “I was at my family’s house with my teenage sister, my teenage cousins — and they all use TikTok all the time. They were like, ‘Wow, should we be worried?'” What happened to Cristina — a technology correspondent for the British newspaper Financial Times, as well as a friend and former colleague of mine — is what TikTok and its parent company, ByteDance, have always denied happening, and that’s why she decided to tell to BBC News. ‘Real threat’ TikTok confirmed that members of its internal audit department analyzed the location of Cristina’s IP address – the unique number of a device – and compared it with IP data from an unknown number from its own team, to try to identify who was secretly meeting with the press. They “misused their authority” to do this and were acting without authorization. Cristina doesn’t know how long she was tracked or how often, but she knows it happened last summer. “If my location were being tracked 24/7, it wouldn’t just be limited to my actions at work — even if it were, it wouldn’t be OK — but also my personal life,” she says. “It was when I was hanging out with my friends, when I was on vacation, all those things are there.” “The real threat and the scariest thing is that I was just trying to do my job.” Cristina’s TikTok account was on her personal cell phone — and in the name of her cat, Buffy. Her own name and profession were not mentioned in the bio. She had about 170 followers, and over the course of three years, she had posted about 20 Buffy videos, which were viewed, on average, a few hundred times. Cristina’s cat on TikTok BBC Like most social media platforms, TikTok collects a lot of information about its account owners, including: Location data; “Likes”; The device being used; Online activity outside the platform itself. Western users’ data is never accessed or stored inside China, the company says. And the team responsible for the data breach of Cristina and a handful of other Western journalists last year was fired for misconduct. ByteDance, owner of TikTok, said it “deeply regrets” what it described as a “significant breach” of its code of conduct and is “committed to ensuring this never happens again”. ‘Being tracked’ Last summer, Cristina had spoken with TikTok employees unhappy with the company’s practices. The data breach failed to identify sources of it, according to TikTok. She says they may also have violated the European Union’s strict General Data Protection Regulation, which states that users must actively consent to how their data is used. The penalties for companies that do not comply are large. For now, Cristina has kept her account open because she still needs access to TikTok for work — but the app now lives on a device kept at her workplace. And she reduced her and Buffy’s social media usage on other platforms as a result of what happened. “I really had to think about my security — particularly my digital security,” she says. “I’m super careful right now. I have to make sure there’s no chance of my devices being tracked. I have to make sure my sources are also aware of the potential challenges to their security.” ‘Further Investigation’ Cybersecurity expert Alan Woodward of the University of Surrey in the UK said this level of tracking “cannot be described as accidental, or even incidental”. “Someone had to do additional investigation to find out that the cat bead was in fact Cristina’s,” he says. TikTok is struggling to survive in the US — and access to it has already been restricted on official devices in several other countries. ByteDance is headquartered in Beijing — although it also has offices in Europe and the US — and there are concerns that it could share Western user data with the Chinese government if required to do so. However, the app remains extremely popular, with more than 3.5 billion downloads worldwide.
[ad_2]
Source link