One of Twitter’s data archives revealed that the social media giant continues to hold onto users’ direct messages for several years while users operate under the assumption that they’ve been deleted, security researcher Karan Saini tells TechCrunch.
What’s more, Twitter has been retaining direct messages from accounts that were deactivated or suspended.
Twitter’s own privacy policy says that after a user deactivates their account, their data will be scrubbed from the firm’s servers after 30 days.
Saini further adds he has concerns about how long the data is being held onto by Twitter.
Users can see for themselves that Twitter retained deleted DMs by downloading a copy of archived data from their account.
The security researcher stopped short of calling this issue a security flaw; rather, it’s more likely a ‘functional bug,’ according to TechCrunch.
It’s also a reminder that even when users think something is permanently deleted, that may not always be the case.
A Twitter spokesperson tells TechCrunch that the firm is investigating the issue.
It’s just the latest example of Twitter coming under fire for how it handles users’ data. Last month, Twitter revealed that a bug caused some users’ protected tweets to become publicly available without their knowledge.
The glitch was believed to date back as far as four years, according to the firm.
When a user enables the ‘Protect your Tweets’ feature, it hides their tweets from public view.
“We recognise and appreciate the trust you place in us, and are committed to earning that trust every day,” the company says.
“We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again.”
Affected users have been notified, but the social network is urging people to review their account’s privacy settings as it is not able to confirm every account using Android that may have been affected.
All of them are like that; they dish to us what we want and hide the rest. Invading people’s privacy.