When you remove something from Instagram, you expect it to disappear. But when security researcher Saugat Pokharel requested a copy of photos and messages directly from the photo-sharing app, he received data that he had deleted over a year ago, which shows if this information is available. never been completely removed from Instagram’s server.
Instagram said this was due to a bug in its system that has now been fixed and Pokharel was awarded a $ 6,000 bonus for the bug for stating the problem. As reported by TechCrunchPokharel discovered the bug in October of last year and said it was fixed earlier this month.
“Researcher reported an issue where someone’s Instagram deleted photos and messages would be included in their copy if they used their Download your info on Instagram tool. me, ”an Instagram spokesperson said TechCrunch. “We fixed the issue and found no evidence of abuse. We thank the researcher for reporting this problem to us.
It’s not clear how common the issue is and whether it affects all Instagram users or just a small group of them, but it’s certainly not an uncommon issue. Whenever we remove data from online services, there will usually be a delay for an indefinite amount of time before the data is completely deleted from the website’s server. As for Instagram, the company says it usually takes about 90 days to completely erase the data. But security researchers have discovered similar problems with other services in the past, including Twitter, which held messages directly between users for years after they were supposed to be. deleted.
In this case, the problem is only exposed because Pokharel has the option of downloading a copy of its data from Instagram. The Facebook-owned company introduced this download tool in 2018 to comply with EU data privacy GDPR regulations.
The GDPR requires EU citizens to have “access” to their data, allowing them to request copies of all information the company stores on it within a reasonable amount of time. As we noticed with our tests exercising this right, the information you get isn’t always self-explanatory, but in the case of Instagram it’s easy enough to organize. This is also the only easy way to find out if companies have kept your data long after you asked them to delete it.