Security Researcher Discovers Twitter Can Hold Onto Deleted DMs for Years

Twitter retains deleted DMs for years at a time, according to a recent report, even from abandoned profiles or shut-down user accounts…

Deleting something doesn’t necessarily permanently erase it. And, when it comes to direct messages sent through Twitter, that could well be the case for just about anyone.

Security researcher Karan Saini recently told TechCrunch he stumbled on supposedly deleted DMs that were years old.

Turns out, this holds true for deleted DMs, even those of abandoned or deactivated accounts. Plus, these can go back for years. Additionally, it’s possible for users to find their own. Access exists right inside the Settings menu.

Following up on the tip, TechCrunch tried it and confirmed Saini’s findings. The publication sifted through an archive, finding a deleted conversation from a suspended account dating back to March of 2016.

That’s not all. Saini found those same archives can contain messages deleted by another party — recipient or sender. So, it looks like Twitter holds onto deleted DMs, regardless of who deletes them.

Perhaps what’s most interesting is that this isn’t a security flaw. Rather, it’s a bug in the functionality of the system itself. Regardless, this remains a privacy issue.

Twitter has since stated that it is “looking into this further to ensure [the company has] considered the entire scope of the issue.”

