In August 2021, TikTok received a complaint from a British user, who flagged that a man had been “exposing himself and playing with himself” on a livestream she hosted on the video app. She also described past abuse she had experienced.
To address the complaint, TikTok employees shared the incident on an internal messaging and collaboration tool called Lark, according to company documents obtained by The New York Times. The British woman’s personal data — including her photo, country of residence, internet protocol address, device and user IDs — were also posted on the platform, which is similar to Slack and Microsoft Teams.
Her information was just one piece of TikTok user data shared on Lark, which is used every day by thousands of employees of the app’s Chinese owner, ByteDance, including by those in China. According to the documents obtained by The Times, the driver’s licenses of American users were also accessible on the platform, as were some users’ potentially illegal content, such as child sexual abuse materials. In many cases, the information was available in Lark “groups” — essentially chat rooms of employees — with thousands of members.
The profusion of user data on Lark alarmed some TikTok employees, especially since ByteDance workers in China and elsewhere could easily see the material, according to internal reports and four current and former employees. Since at least July 2021, several security employees have warned ByteDance and TikTok executives about risks tied to the platform, according to the documents and the current and former workers.