Skip to main content

Instagram kept pictures and private DMs long after users deleted them

Instagram’s delete buttons may not have functioned as you intended them to in the last year. Independent security researcher Saugat Pokharel discovered that Instagram (via TechCrunch) kept copies of deleted pictures and private direct messages on its servers, even after someone removed them from their account.

Last year, when Pokharel downloaded an archive of his Instagram account’s data, he found that the file also contained images and messages he had deleted more than a year earlier — suggesting that while these pictures weren’t visible on his profile, they were still present on Instagram parent Facebook’s servers.

In a statement, Instagram told Digital Trends that the issue was patched in November 2019, shortly after Pokharel reported it and it has “seen no evidence of abuse.” “The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram,” added an Instagram spokesperson.

Oddly enough, in the statement, Instagram doesn’t address whether it has now gotten rid of its users’ old pictures and messages. It simply says that their presence in Pokharel’s archive was an accident. We’ve reached out to Instagram for more information and we’ll update the story when we hear back.

It’s important to note that, similar to Facebook, Instagram takes up to 90 days to clear your data from its servers after you’ve pressed the delete button. However, in one of its data policies, Facebook says “copies of your information may remain after the 90 days in backup storage that we use to recover in the event of a disaster, software error, or other data loss event. We may also keep your information for things like legal issues, terms violations, or harm prevention efforts.”

Facebook awarded Pokharel a sum of $6,000 after he reported the incident through the company’s bug bounty program, an initiative that rewards researchers for unearthing security bugs that Facebook’s team may have missed.

This isn’t the first time a social network has retained its users’ deleted data. A year ago, another security researcher, through Twitter’s data download tool, discovered that it kept direct messages users had deleted on its servers for years.

Editors' Recommendations

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
First picture of NASA astronauts after historic Crew Dragon splashdown
first photo of nasa astronauts after crew dragon splashdown

NASA astronauts Bob Behnken and Doug Hurley have safely returned to Earth after splashing down in the SpaceX’s Crew Dragon capsule in the Gulf of Mexico near Pensacola, Florida, at 2:48 p.m. ET on Sunday, August 2.

The pair, who were returning from a two-month stay aboard the International Space Station (ISS), were met by crew from a recovery vessel soon after landing in the water, with a photographer capturing a shot of Behnken and Hurley still secured in their seats shortly before the pair were helped out of the capsule.

Read more
Zuckerberg to tell Congress that Instagram, WhatsApp needed Facebook to succeed
Zuckerberg Testimony Congress

Facebook founder and chief executive Mark Zuckerberg plans to tell Congress Wednesday in a highly anticipated antitrust hearing that Instagram and WhatsApp, both owned by the company, would not have been able to succeed without his company's resources, according to a report in CNBC.

“Facebook has made Instagram and WhatsApp successful as part of our family of apps,” Zuckerberg said in a prepared statement -- which was first obtained by The New York Times.

Read more
iOS 14 camera indicator turns on when browsing Instagram; bug fix on the way
instagram interactions likes comments drop decrease

The security features of Apple's iOS 14 revealed unexpected behavior with the Facebook-owned Instagram app, a fix for which is on the way after being declared a bug.

The iOS 14, which is still in public beta, issues notifications whenever an app is accessing certain iPhone components. This is apparently the case with Instagram, as reports claimed that the camera indicator is turning on while using the app, even when just browsing through feeds and not taking photos.

Read more