Instagram’s enable users to delete old or unwanted content on the platform but it appears that the company was not forthcoming about keeping deleted pictures and private direct messages on its servers in the last year. An independent security researcher Saugat Pokharel discovered that Instagram stored users deleted content without their knowledge and consent.
Pokharel discovered the bug in October last year and says it was fixed earlier this month. Instagram did acknowledge the faulty bug and claims that the issue has been resolved via an update. Interestingly, the company rewarded Pokharel rewarded a sum of $6,000 for bringing this problem forth.
Instagram stored deleted data for more than a year
Last year, when Pokharel downloaded an archive of his account’s data using Instagram’s ‘Data Download’ tool, he discovered that the file also contained images and private messages he had deleted more than a year prior. Although the deleted pictures were not visible on his profile, they were still present on Instagram’s servers. A spokesperson for the social media company told TechCrunch that,
“The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram. We’ve fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us.”
However, the company still has not made it clear whether it has deleted the photos and messages of users from its server. It simply states that the presence of deleted pictures/videos/ messages in Pokharel’s archived data was an accident.
The social media platform launched this feature in 2018 to comply with new European data rules, which states that EU citizens have a right to access all the information a company stores on them. Users can download images, videos, archived stories, profile, account information, and more. Instagram users can access the ‘Data Download’ option by visiting a download request link or in the privacy settings of the app.
Twitter also came under fire for a similar issue last year when a security researcher discovered, through Twitter’s data download tool, that the company had kept direct messages that users had deleted on its servers for many years. Therefore, such discoveries reiterate the need for users’ literacy on their privacy and security and the demand for laws to ask shady companies to be transparent.