The Facebook-owned photo-sharing app Instagram reportedly kept users’ deleted photos and messages for over a year according to an investigation by a security researcher.
TechCrunch reports that security researcher Saugat Pokharel recently requested a copy of photos and direct messages he had posted and sent from Instagram. What Pokahrel received was data that he had deleted more than a year ago, showing that this information was never removed from Instagram’s servers.
Instagram alleges that this was a bug that has since been fixed, and Pokharel has been awarded a $6,000 bug bounty for alerting the company to the issue. Pokharel discovered the bug in October last year and says that it was fixed earlier this month.
A spokesperson for Instagram told TechCrunch: “The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram. We’ve fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us.”
It is currently unclear how widespread this issue is and whether or no tit affects all Instagram users or just a small subset. Instagram has previously stated that it usually takes around 90 days to completely remove data once a user submits a request. However, security researchers have found similar issues with other services such as Twitter retaining direct messages between users for years that were deleted.
GDPR data laws in the EU mandate that citizens have a “right of access” to their data which allows them to request a copy of all the information a company stores on them within a reasonable amount of time. The Verge tested how easy this process was and found that the information that you receive from tech firms is not always self-explanatory but the information provided by Instagram is relatively easy to sort through.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com
COMMENTS
Please let us know if you're having issues with commenting.