Twitter is keeping copies of direct messages sent through the social network even years after users delete them, according to security researcher Karan Saini.
Saini, who told TechCrunch that he harbored “concerns” over the long retention of data, found old direct messages for Twitter accounts that were already taken down in an archive acquired through the social network’s website. He also revealed a previously undisclosed bug that allows him to use a since-deprecated API to retrieve the direct messages even after they were deleted by both the sender and the recipient.
TechCrunch’s own tests confirmed that it is possible to recover DMs from years ago, including those that were made by suspended and deleted accounts. Saini also tweeted a clarification on what his findings meant for the regular user.
Folks are having some trouble understanding this, so here is a short summary:
DMs are never “deleted”—rather only withheld from appearing in the UI. The archive feature lets you view these DMs, as well as any others with now suspended, or deactivated users https://t.co/IXRdT6G9i6
— Karan Saini (@iasni) February 16, 2019
Saini refers to the issue as a “functional bug,” instead of a security flaw, but it is also a privacy matter, as Twitter seemingly has a different definition of delete compared to its users. When users delete their Twitter accounts or their direct messages on the social network, the expectation is that the data is gone for good, not floating around in archives, waiting to be retrieved.
Twitter previously had trouble with direct messages, with a security bug revealed last year that possibly routed messages sent to business accounts to registered developers. Twitter also just recently suffered a privacy scare, when a bug fix for the app on Android devices somehow changed settings for private tweets for some users, exposing them to the public.
Twitter, one of the world’s most prominent social networks, makes it easier to share thoughts and to communicate with friends. However, the privacy and security issues are among the many reasons for users to be mindful of what they do with social media.