Image credit: Mobile Syrup

According to TechCrunch via Digital Trends, security researcher Karan Saini disclosed his findings on Twitter’s odd quirk of not actually erasing user-deleted private messages, but rather just preventing them from appearing on its website and app.

Saini even found direct messages linked to old accounts that had been deleted. According to TechCrunch, Saini was able to access said messages via a bug that exploits deprecated APIs. These messages were retrievable even though they had been deleted by both the sender and the receiver.

According to Digital Trends, Twitter lets you recover a deleted account within 30 days of the action; upon exceeding the 30-day limit, Twitter, by right, should completely wipe all data linked to the account, including messages. This discovery suggests that this is not the case.

Saini believes that this is a bug rather than a security flaw. But regardless of what it is, people’s privacy is at stake – whether Twitter is keeping messages deliberately or not, it raises the question of whether data is being kept and sold. Given Twitter’s popularity, you’re talking about personal data belonging to millions of individuals being kept by one organization; now that’s sketchy.
