Instagram has been storing users deleted data

One security researcher gained $6000 for reporting the bug, which has now been fixed

Where does your data go once it’s been deleted? Is there such a thing as permanent deletion online? It’s the internet-age old question that often leaves users perplexed. For one Instagram user, the answer was simple: nowhere, and no. 

When he requested to download all of his data from the Facebook-owned photo sharing app security researcher, Saugat Pokharel, was awarded $6000 for finding that Instagram had kept hold of his photos and direct messages over a year after they’d been deleted, reports TechCrunch.

Pokharel found that this was the case and reported the issue to Instagram through the app’s bug bounty programme in October 2019. The bug was subsequently fixed last month. 

A spokesperson for Instagram told TechCrunch: “The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram. We’ve fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us.”

It’s unclear how long the bug was active and how many accounts it affected. Instagram usually takes 90 days to permanently delete information for their servers, so it is strange that Pokharel was able to access data from over a year ago. 

The Download Your Information tool was implemented in 2018 following new European data rules. According to The Verge, “GDPR mandates that EU citizens have a ‘right of access’ to their data, allowing them to request a copy of all the information a company stores on them within a reasonable amount of time”. 

The bug was almost identical to that of Twitter’s in 2019, which saw users able to access data they’d deleted years prior, including direct messages from deactivated and suspended accounts.

You might like this

The update comes with 10 new features to enhance the Instagram messaging experience
Multiple employees discussed the attack on popular subreddit r/hackers
The decision was made after a hearing late Sunday evening
If Trump can't justify the ban, the judge might grant TikTok's request to postpone it until a better deal is reached

Share this article

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
PC guide

Independent, transparent, rigorous and authentic, our reviews are the most thorough and honest in PC gaming. Learn about our review process.

Leave a Reply

Your email address will not be published. Required fields are marked *