Instagram bug kept deleted photos and private messages for more than a year


In case you are not aware, Instagram users can download a copy of their data which can include your photos, comments, profile information and many other things from the app platform. Instagram collects this data requested and sends it to your provided email address. User can navigate by following below steps to download a local copy of account data:

  1. Open Instagram
  2. Go to you profile page
  3. Tap the top-right corner on three horizontal bars to open the settings panel. Tap on ‘Settings’
  4. Go to Security and under the ‘Data and History’ section you will find the ‘Download Data’ option.
  5. Provide your email address where Instagram can share a copy of your entire account data.

Instagram has introduced the feature of Data Download in 2018 to comply with the EU’s data privacy GDPR regulations. GDPR mandates that EU citizens have a “right of access” to their data, allowing them to request a copy of all the information a company stores on them within a reasonable amount of time. Company’s data retention policy says that it takes around 90 days to completely remove user data from their systems. This is common among many companies since they keep freshly deleted data for a while after it has been deleted.

Recently an independent security researcher Saugat Pokharel requested a copy of photos and other account data from Instagram, while he was sent data that he had deleted more than a year ago. This bug reveals that data had never been entirely removed from Instagram’s servers.

Instagram said that the bug in its system is now fixed and Saugat has been awarded a $6000 (approx Rs 4,50,000) as part of their bug bounty program. TechCrunch reported that the bug was discovered by Saugat in October last year and Instagram fixed it earlier this month.

“We’ve fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us.” – Instagram

By LTR Admin

Leave a Reply

Your email address will not be published. Required fields are marked *