Skip to main content

Twitter keeps your direct messages, even years after you delete them

Twitter is keeping copies of direct messages sent through the social network even years after users delete them, according to security researcher Karan Saini.

Saini, who told TechCrunch that he harbored “concerns” over the long retention of data, found old direct messages for Twitter accounts that were already taken down in an archive acquired through the social network’s website  He also revealed a previously undisclosed bug that allows him to use a since-deprecated API to retrieve the direct messages even after they were deleted by both the sender and the recipient.

Twitter’s privacy policy claims that it is possible for users to restore their accounts for 30 days after deactivation, in case the move to cancel was a mistake. After the 30-day period, Twitter supposedly deletes the data associated with the account, including the direct messages. However, this is apparently not the case, according to Saini’s discovery.

TechCrunch’s own tests confirmed that it is possible to recover DMs from years ago, including those that were made by suspended and deleted accounts. Saini also tweeted a clarification on what his findings meant for the regular user.

Folks are having some trouble understanding this, so here is a short summary:
DMs are never “deleted”—rather only withheld from appearing in the UI. The archive feature lets you view these DMs, as well as any others with now suspended, or deactivated users

— Karan Saini (@iasni) February 16, 2019

Saini refers to the issue as a “functional bug,” instead of a security flaw, but it is also a privacy matter, as Twitter seemingly has a different definition of delete compared to its users. When users delete their Twitter accounts or their direct messages on the social network, the expectation is that the data is gone for good, not floating around in archives, waiting to be retrieved.

Twitter previously had trouble with direct messages, with a security bug revealed last year that possibly routed messages sent to business accounts to registered developers. Twitter also just recently suffered a privacy scare, when a bug fix for the app on Android devices somehow changed settings for private tweets for some users, exposing them to the public.

Twitter, one of the world’s most prominent social networks, makes it easier to share thoughts and to communicate with friends. However, the privacy and security issues are among the many reasons for users to be mindful of what they do with social media.

Editors' Recommendations

Aaron Mamiit
Aaron received a NES and a copy of Super Mario Bros. for Christmas when he was 4 years old, and he has been fascinated with…
LG not only wants to keep your leafy greens fresh, but help you grow them too
Lg Indoor Garden

This story is part of our continuing coverage of CES 2020, including tech and gadgets from the showroom floor.

Indoor gardens seem like something more at home at CES 2000 than CES 2020. But electronics maker LG doesn't think the idea of indoor gardening is past its prime and is showing off an indoor gardening system that can be attached to the side of its refrigerators.

Read more
Update your Twitter app right now if you’re on Android
Hand holding a Twitter phone

Twitter says it has patched a vulnerability inside its Android app that could have potentially let malicious actors view information of private accounts and take over profiles through an intricate back-end process. If a hacker managed to exploit the loophole, they could send direct messages and tweets on the target account’s behalf.

The social network claims so far it hasn’t discovered any affected user, nor found evidence of whether a third-party service has taken advantage of the bug. However, Twitter is reaching out to the people whose details may have been exposed. It’s unclear how long the vulnerability was left out in the open. The issue is not present on Twitter’s iOS app.

Read more
Twitter’s new Privacy Center lets you know what’s happening with your data

Twitter says it wants to be more upfront about the way it handles user data, and has launched a new Privacy Center with that goal in mind.

Admitting that “we have room for improvement” when it comes to communicating with its users about how it protects their privacy, Twitter on Monday explained what the new Privacy Center is all about.

Read more