Instagram kept deleted photos and messages on its servers for more than a year

Saugat Pokharel, a security researcher, has been awarded a $6,000 bug bounty for detecting the problem

Tech Desk August 15, 2020

Your deleted Instagram photos are not gone for good, according to the latest discovery made by Saugat Pokharel, a security researcher.

When Pokharel requested a copy of his photos and direct messages from the popular photo-sharing app, he also received deleted data from more than a year ago, showing that the information had never been entirely removed from Instagram’s servers, reports The Verge.


The issue was due to a bug in the system, which has now been fixed thanks to Pokharel, who has been awarded a $6,000 bug bounty for highlighting the problem.

“The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram,” a spokesperson for Instagram told TechCrunch.

“We’ve fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us.”

When we delete data from online services, it is only after some time that the data is fully removed from the site’s servers.

Instagram claims that it usually takes around 90 days to completely remove data. However, security researchers have found issues with other social media platforms, including Twitter. These platforms were able to retain direct messages between users for years after the messages were apparently deleted.


Pokharel was able to detect the bug because GDPR mandates that EU citizens have a “right of access” to their data, allowing them to request a copy of all the information a company stores on them within a reasonable amount of time.

The company has been in hot water over its privacy policy. In April, a federal appeals court revived nationwide litigation accusing Facebook of violating users’ privacy rights by tracking their internet activity even after they logged out of the social media website.

Facebook users had accused the company of quietly storing cookies on their browsers that tracked when they visited outside websites containing “like” buttons and then selling personal profiles based on their browsing histories to advertisers.

This article was originally published on The Verge.

