instagramlogoInstagram has awarded a security researcher a $6,000 bug bounty payout after he found photos and private direct messages on the platform's servers that he had deleted more than a year ago (via TechCrunch).

Saugat Pokharel discovered that his content hadn't been removed in October after downloading a copy of his data from the photo-sharing app. Instagram introduced the download option two years ago to comply with the European Union's data privacy GDPR regulations.

Instagram said the reason Pokharel's information had never been entirely removed from its servers was down to a bug that it's now fixed.

"The researcher reported an issue where someone's deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram," a spokesperson for Instagram told TechCrunch. "We've fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us."

The issue is almost identical to one that Twitter fixed last year, in which a security researcher discovered years-old messages in a file from an archive of data from an account that was no longer active.

Although the retrieval of deleted data was bug-related in both cases, it's worth remembering that when you opt to delete content from social media accounts, it can still hang around on company servers for some time.

Twitter says that accounts that are deactivated and deleted are removed along with all of their data after 30 days, while Instagram says it takes about 90 days for deleted data to be fully removed from its systems.

Top Rated Comments

-BigMac- Avatar
37 months ago
Haha another convenient “bug”, not deleting peoples privacy. Isnt this some sort of breach?
Score: 25 Votes (Like | Disagree)
architect1337 Avatar
37 months ago
Very easy to fix.

While (RequestForDownload == TRUE; DO
IF (OBJECT == 'MarkedForDeletion')
THEN ExcludefromDownload==TRUE;
DONE
END;
Score: 18 Votes (Like | Disagree)
calstanford Avatar
37 months ago
F...ing Facebook is even worse. I deleted all my images from way back when and GUESS WHAT. It shows me images from 10 years ago in their "Remember this" section
Score: 14 Votes (Like | Disagree)
12643 Avatar
37 months ago
The bug isn’t that they failed to delete the photos; that behavior is intentional. The bug is including the evidence in your data download.

Just read their own words “The researcher reported an issue where someone's deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram”
Score: 13 Votes (Like | Disagree)
martyjmclean Avatar
37 months ago

F...ing Facebook is even worse. I deleted all my images from way back when and GUESS WHAT. It shows me images from 10 years ago in their "Remember this" section
Instagram and Facebook are the same company...
Score: 12 Votes (Like | Disagree)
ruka.snow Avatar
37 months ago
Yet we are all up in arms over TikTok when it is these American companies that keep getting caught doing scummy things.
Score: 9 Votes (Like | Disagree)