Instagram kept deleted photos, messages on its servers for more than a year
Ideally, Instagram is supposed to delete these files after 90 days, the files were retained on the server due to a bug that has now been fixed.
While we expect that something we have deleted on Instagram to be deleted forever, a bug made it otherwise. Security researcher Saugat Pokharel requested a copy of photos and direct messages from Instagram and he was sent data that he had deleted more than a year ago. This indicated that the information has never entirely been removed from the Instagram servers.
Instagram said that this happened due to a bug in the system that has now been fixed and Pokharel was rewarded $6,000 bug bounty for highlighting the issue.
Now, Pokharel discovered the bug in October last year, but it was fixed only earlier this month.
A spokesperson from Instagram told TechCrunch that a researcher had reported an issue where someone’s deleted pictures and messages were included in a copy of their information if they used the ‘Download Your Information’ tool on the app.
Instagram said they have fixed the issue and found no evidence of abuse.
It is not clear whether this issue affected all Instagram users or if only a few were affected, but it is not an uncommon occurrence.
Whenever data is deleted from any online service, there is usually a lag of some time before the data is removed from the servers. For Instagram, the platform says it takes around 90 days to completely remove data. And Instagram is not the only app, researchers have found issues with other apps too in the past like Twitter retained DMs for years after they were deleted.
However, in this case the issue was exposed only because Pokharel had the option to download a copy of the data from Instagram.