Page Loader
Twitter doesn't remove direct messages even when you delete them

Twitter doesn't remove direct messages even when you delete them

Feb 16, 2019
01:35 pm

What's the story

In a major surprise, a security researcher has discovered Twitter doesn't really remove direct messages from its servers even when you delete them. Karan Saini downloaded the archived data for his account and found that the company has been storing deleted DMs dating years back. So, if you've been thinking your DMs are gone for good, you're probably wrong. Here's more on the issue.

Issue

Years-old deleted direct messages accessed

When you delete a DM, the idea is that the message goes away from your side of the conversation as well as from Twitter's servers. So, technically, if both parties engaged in a conversation delete DMs, they should go away completely from the company's servers. But, Saini discovered that's not the case; deleted messages can be accessed through a file in archived Twitter data.

Added issue

Plus, data from deactivated accounts can also be accessed

Along with deleted messages, Saini also found that DMs sent to and from accounts that have been suspended and deactivated can also be accessed, TechCrunch reported. This is in stark contrast of Twitter's policy which claims once an account has been deleted and deactivated, the account in question and the data associated with it is removed permanently after a 30-day-long grace period.

Twitter's response

Twitter is looking into the matter

Though the issue is not major because deleted DMs can only be accessed by the parties involved in the conversation, it does raise some concerns. Saini maintained it is a "functional bug" and not a security flaw. Meanwhile, Twitter has acknowledged the issue and said it is "looking into this further to ensure we have considered the entire scope of the issue."

Information

Twitter, too, has been marred by bugs

Lately, Twitter has been dealing with several bugs. First, it is the message spoofing issue that let anyone send tweets via mobile; then it was the bug that made protected tweets public for several users, and now, there's this issue.