BuzzFeed News obtained leaked audio from 80 internal TikTok meetings showing US user data was repeatedly accessed from China. The DOJ alleged sensitive data including PII was shared via Lark (internal tool) and stored on Chinese servers. ByteDance engineers built scraping tools to collect bulk US user data including views on gun control, abortion, and religion. The Wall Street Journal confirmed managers instructed workers to share data bypassing official channels.
“TikTok is a Chinese surveillance tool. User data is going directly to ByteDance in Beijing despite their claims about storing it in the US.”
What they said vs. what the evidence shows
“TikTok has never shared, and would never share, US user data with the Chinese government.”
— TikTok CEO Shou Zi Chew · Mar 2023
SourceFrom “crazy” to confirmed
The Claim Is Made
This is the moment they called it crazy.
For years, TikTok executives insisted there was nothing to worry about. When concerns mounted about Chinese access to American user data, the company's leadership went on the record with reassurances that US information was protected and isolated from ByteDance operations in China. Those statements, it turned out, were false.
BuzzFeed News obtained leaked audio recordings from 80 internal TikTok meetings that documented something the company had spent considerable effort denying: US user data was being repeatedly accessed by engineers and staff operating from China. The meetings, which spanned multiple years, revealed a pattern of data access that contradicted every public statement the company had made about data security and geographic containment.
The specifics were damning. According to the Department of Justice's analysis of these materials, sensitive information including personally identifiable information was shared through Lark, an internal communication tool, and stored on servers physically located in China. ByteDance engineers had even constructed specialized scraping tools designed specifically to collect bulk data on American users—not random samples, but systematic harvesting of user information tied to politically sensitive topics like views on gun control, abortion, and religion.
This wasn't a minor data breach or an isolated incident of unauthorized access. The Wall Street Journal's subsequent reporting confirmed that managers had explicitly instructed workers to route data through unofficial channels, deliberately bypassing the company's stated security protocols. The instruction itself implied knowledge of wrongdoing—if the data transfers were legitimate, there would be no need to hide them.
TikTok's public response to these revelations followed a familiar corporate playbook. The company suggested the findings were being mischaracterized, that the data access was routine and necessary for business operations, and that American users' information was ultimately safe. But the gap between these statements and the reality documented in the leaked meetings was too large to credibly bridge. The audio recordings existed. The meetings had happened. The engineers had accessed the data.
Get the 5 biggest receipts every week, straight to your inbox — plus an exclusive PDF: The Top 10 Conspiracy Theories Proven True in 2025-2026. No spam. No agenda. Just the papers they couldn't hide.
You just read "TikTok's US user data was repeatedly accessed from China des…". We send ones like this every week.
No one's said anything yet. Be the first to drop your take.
Confirmed: They Were Right
The truth comes out. Officially documented.
Confirmed: They Were Right
The truth comes out. Officially documented.
The significance of this claim's verification extends beyond TikTok's reputation. It raised urgent questions about what other Chinese technology companies might be doing with American user data, how thoroughly regulators were actually monitoring these operations, and whether app store policies had real teeth. If TikTok was willing to deny documented data access practices under public scrutiny, what assurances could users reasonably trust?
For policymakers and security experts, the verified claim represented concrete evidence supporting years of theoretical concerns. For ordinary users, it meant that a platform used by over 150 million Americans had been collecting their behavioral data and feeding it to foreign engineers—precisely the scenario that privacy advocates had warned about, and that company spokespeople had repeatedly dismissed as conspiracy thinking.
This case exemplifies why documenting verified claims matters. It's not enough that something eventually proves true; the public record needs to clearly show what was claimed, what was denied, and what evidence ultimately proved the denial false. That accountability becomes the basis for better skepticism and smarter policy going forward.
Beat the odds
This had a 0.2% chance of leaking — someone talked anyway.
Conspirators
~150Network
Secret kept
4.1 years
Time to 95% exposure
500+ years
