KEY POINTS

  • Instagram kept DM and photos on its servers which were deleted for over a year
  • The issue was discovered by a security researcher
  • Instagram said the issue is caused by a bug and is now fixed

A security researcher discovered that the photo-sharing app Instagram retained private messages and photos even if they were deleted for over a year. This is alarming since most IG users these days are confident that whatever they deleted were already lost in the app. Fortunately, Instagram said that the issue is now fixed.

Instagram Bug

Instagram earlier said that it awarded security researcher Saugat Pokharel $6,000 for his recent discovery. It turns out that Pokrahel requested a copy of photos and direct messages from the app. He was surprised when he received data from those he deleted a year ago, which means that the information was not totally removed on the app’s servers.

It is not surprising that companies keep freshly deleted data for a particular length of time until it could be properly removed from its network, cache or system. On the part of Instagram, it takes around 90 days for these deleted data to be totally scrubbed from its systems. In a report released by Techcrunch, the security researcher reported the bug in October last year through the app’s bug bounty program.

Instagram is adding video clips in an attempt to muscle in on TikTok's boom Instagram is adding video clips in an attempt to muscle in on TikTok's boom Photo: AFP / LOIC VENANCE

The said Instagram bug that keeps deleted data was fixed in August 2020. “The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram. Instagram said in a statement to the site. “We’ve fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us,” assured the photo-sharing app.

Other Details

It is not known if the issue is an isolated case or widespread that affected all Instagram users. This problem is not uncommon though. Several security researchers have stumbled upon similar issues with other apps in the past. Twitter has a similar issue, which kept direct messages between users, even if they were already deleted for years.

Although there is no reason to doubt explanations of companies affected by this issue, it highlights the need for transparency and user control, particularly in the policy concerning private messages and photo deletion.