Instagram retained user deleted photos and private messages for over a year

A bug in the Instagram application let the Facebook-owned photo sharing app retain the photos and private messages of the users on the application’s server even after deletion from the user end. The bug came to light when a security researcher flagged it in October last year. The bug was flagged in one of Instagram’s bug bounty programmes. Upon being informed about one of its servers storing the deleted date, the company not only fixed the bug but also rewarded the security researcher who flagged the bug handsomely. The security researcher was awarded with $6000 which roughly translates to Rs 4.5 lakh.

While it is usual for the social media applications to take some time in completely erasing the data from its servers after it has been deleted by the users, in this case the server of the application had access to the data for more than a year after its deletion from the user’s end. The matter came to light when independent security researcher Saugat Pokharel found that his deleted data was still available on the server of the application. After the matter was brought to the light of the Instagram team, the company awarded Pokharel for his vigilance and flagging the bug. However, the company later said that the storage of the private data of users was unintentional and there had been no evidence of its misuse. The spokesperson also said that it completely erases the data of its users from all its servers with a period of 90 days.

Amidst the huge privacy and data breach concerns on social media platforms, the company in a bid to assure its users brought the Data Download Tool in the year 2018. The tool allowed the application users to export their photos, videos, comments, and other vital information available on the application.