You expect it to be gone for good when you delete something from Instagram. But when security researcher Saugat Pokharel asked the photo-sharing app to have photocopies and direct messages, data he deleted more than a year ago was transmitted, showing that the information had never been completely removed from server Instagram.
Instagram says this has now been fixed because of a bug in its system and Pokharel received a $6,000 bug bounty to highlight the problem. Pokharel found out about the bug last October and said it has been fixed at the beginning of this month. TechCrunch reported it.
The researcher reported that if someone deleted Instagram images and messages from them use our Download Your Information tool on Instagram, they would be included in a copy of their information, an Instagram vocalist told TechCrunch. We fixed the problem and saw no proof of abuse. We are grateful to the investigator for reporting this to us.
The widespread nature of this problem and whether it affected all or a subgroup of Instagram users, is not clear, but certainly not an unusual problem. Every time we remove data from on-line services, there is generally a time lag before the data is removed completely from the servers of the website. In Instagram, the company usually says that the complete removal of data takes about 90 days. However, in the past, safety researchers have found similar problems with other services, including Twitter, which kept direct messages between users years after supposedly being deleted.
This was because Pokharel could download a copy of his Instagram data. The problem has only been exposed in this case. This download tool was launched in 2018 by the Facebook-owned company to comply with EU GDPR data protection regulations.
GDPR requires EU citizens to have a "right of access" to their data, so they can request copies, within a reasonable period, of all the information that they receive from their companies. As we have found with our experiments, the information you receive isn't always self-explaining, but it's easy to sort out with Instagram.
It is also the only easy way to find out whether companies keep their data long after they have been requested to delete it.