Instagram Kept Pictures And DMs Even After You Deleted Them


Instagram’s delete buttons may not have functioned as you intended them to in the last year. Discovered by an independent security researcher, Saugat Pokharel, Instagram kept copies of deleted pictures and private direct messages on its servers even after someone removed them from their account.

Last year, when Pokharel downloaded an archive of his Instagram account’s data, he found that the file also contained images and messages he had deleted more than a year ago — suggesting that while these pictures weren’t visible on his profile, they were still present on Facebook’s servers.

Instagram says this issue was patched last month and that it has “seen no evidence of abuse.” “The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram,” an Instagram spokesperson told TechCrunch.

Oddly enough, in the statement, Instagram doesn’t address whether it has now gotten rid of its users’ old pictures and messages. It simply admits that their presence in Pokharel’s archive was an accident. We’ve reached out to Instagram for more information and we’ll update the story when we hear back.

It’s important to note that similar to Facebook, Instagram takes up to 90 days to clear your data from its servers after you’ve pressed the delete button. However, in one of its data policies, Facebook says “copies of your information may remain after the 90 days in backup storage that we use to recover in the event of a disaster, software error, or other data loss event. We may also keep your information for things like legal issues, terms violations, or harm prevention efforts.”

Facebook awarded Pokharel a sum of $6000 after he reported the incident through the company’s bug bounty program, an initiative that rewards researchers for unearthing security bugs that Facebook’s team may have missed.

This isn’t the first time a social network has retained its users’ deleted data. A year ago, another security researcher, through Twitter’s data download tool, discovered that it kept direct messages you have deleted on its servers for years.

Editors’ Recommendations

Source link

Article Tags: · · ·