Instagram kept deleted photos and messages on its servers for over a year

With the arrival of the GPDR for data protection and privacy, Instagram has set a new rule — if a user deletes photos or messages from his profile, they can only be stored on the servers for up to 90 days. However, an Instagram bug kept the deleted data longer, well over a year.

Security researcher Saugat Pokharel discovered the Instagram security bug in October 2019.

In 2018, Instagram included a tool under the European GDPR that entitles Europeans to access their data that allows users to download all their personal account data from servers.

Using this tool, in October 2019, Pokharel requested a copy of the photos and direct messages from the app, and the copy he subsequently received contained information that he had deleted more than a year ago.

Instagram has stepped up, claiming that this was due to a bug in its system that is now fixed, and Pokharel has been rewarded with an amount of $6,000 for discovering the problem.

According to Instagram, the problem did not go further, and there was no security breach.

Bhasker Das
Bhasker Das
Bhasker Das, with a master's in Cybersecurity, is a seasoned editor focusing on online security, privacy, and protection. When not decrypting the complexities of the cyber world, Anu indulges in his passion for chess, seeing parallels in strategy and foresight.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More from this stream