If you have ever deleted a direct message on Instagram, or a photo you posted, chances are you were thinking it’s gone off Instagram’s servers as well. As it turns out, a bug in Instagram was retaining deleted messages and photos even after they were deleted by the users.
The bug was found out by security researcher Saugat Pokharel. Pokharel used Instagram’s built-in data download feature to download a copy of his data from the company. However, he noticed that his data contained private direct messages and photos that he had deleted from his end over a year ago.
It’s not uncommon for companies to store deleted data for a short period of time on its servers. In fact, Instagram says that it takes the company up to 90 days to remove deleted items from its servers. However, that didn’t appear to be the case for the security researcher who was able to find photos and messages deleted over a year ago.
He reported the bug to Instagram in October 2019, and it was finally fixed by the company earlier this month. As a reward, Pokharel was awarded $6,000 by Instagram for spotting the bug. Meanwhile, an Instagram spokesperson said to TechCrunch, “The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram. We’ve fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us.”