For years, TikTok has told lawmakers that the private data of its U.S. users is secured — and safe from potential influence or exfiltration — in a cluster of data centers located in Northern Virginia.

But interviews with seven current and former employees and more than 60 documents, photos and videos from the data centers reveal that the centers have faced security vulnerabilities ranging from unmarked flash drives plugged into servers to unescorted visitors to boxes of hard drives left unattended in hallways. Sources suggest that these challenges are the result of TikTok trying to grow its data storage capacity very quickly, and sometimes cutting corners along the way.

Documents, photos, and interviews also suggest that TikTok’s data center operations are still tightly enmeshed with ByteDance’s business in China. Among other suppliers, the data centers use servers produced by Inspur, a company that the Pentagon said in 2020 was controlled by the Chinese military and that the Commerce Department added to a sanctions list last month. Documents also show that as recently as last week, server work orders were sent to data center technicians by Beijing ByteDance Technology Co., Ltd., a ByteDance subsidiary partially owned by the Chinese government, which TikTok has repeatedly insisted has no control over its operations.

Read the post on Forbes and also Chris Castle’s panel at MusicBiz conference in 2020.(don’t say you weren’t warned)