Instagram's servers kept private photos and DMs long after deletion
Despite doing a good job at distancing itself from Facebook and its privacy-related debacles, Instagram keeps running into occasional minor issues. Just a few weeks back, we saw the case of unauthorized camera usage on the service, and now, in another unexpected development, it has been caught retaining deleted user data for a period longer than originally thought. Here's all about it.
Deleting data requires removal from servers
In the age of data-based ad monetization, when a user deletes their information from an online service, they expect it to be wiped out from the servers of that platform, as well. Now, some companies may keep freshly deleted data for a short period of time but, eventually, they have to wipe it away fully and permanently from their networks, systems, and caches.
Instagram promises permanent removal in 90 days
Instagram, like many other services out there, says it takes up to 90 days to remove deleted data completely from its systems. However, when independent security researcher Saugat Pokharel tried the company's tool to bulk-download all his content from the photo-sharing service, he found that Instagram also had private photos and direct messages he had deleted more than a year ago.
After reporting the issue, he won $6,000 bug bounty
In light of the matter, which surfaced in October 2019, Pokharel reported the issue to Instagram through the platform's bug bounty program. Now, several months later, the company has issued a fix for the glitch and rewarded the researcher with a bug bounty worth $6,000 (Rs. 4.5 lakh). The patch was released earlier this month, TechCrunch reported.
Glitch only tied to deleted photos and direct messages
While Instagram has not shared the exact specifics of the bug, it appears that the flaw only tied to photos and direct messages on the service. "The researcher reported an issue where someone's deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram," a company spokesperson said in a statement.
No evidence of abuse
The spokesperson also added that there is no evidence that the issue in question was abused in any way. Notably, more than a year ago, Twitter, which has been hit by major controversies lately, also had a similar glitch where users were able to download their long-deleted messages through the download data tool of the service.