Twitter doesn't remove direct messages even when you delete them
In a major surprise, a security researcher has discovered Twitter doesn't really remove direct messages from its servers even when you delete them. Karan Saini downloaded the archived data for his account and found that the company has been storing deleted DMs dating years back. So, if you've been thinking your DMs are gone for good, you're probably wrong. Here's more on the issue.
When you delete a DM, the idea is that the message goes away from your side of the conversation as well as from Twitter's servers. So, technically, if both parties engaged in a conversation delete DMs, they should go away completely from the company's servers. But, Saini discovered that's not the case; deleted messages can be accessed through a file in archived Twitter data.
Along with deleted messages, Saini also found that DMs sent to and from accounts that have been suspended and deactivated can also be accessed, TechCrunch reported. This is in stark contrast of Twitter's policy which claims once an account has been deleted and deactivated, the account in question and the data associated with it is removed permanently after a 30-day-long grace period.
Though the issue is not major because deleted DMs can only be accessed by the parties involved in the conversation, it does raise some concerns. Saini maintained it is a "functional bug" and not a security flaw. Meanwhile, Twitter has acknowledged the issue and said it is "looking into this further to ensure we have considered the entire scope of the issue."
Lately, Twitter has been dealing with several bugs. First, it is the message spoofing issue that let anyone send tweets via mobile; then it was the bug that made protected tweets public for several users, and now, there's this issue.
