tech2 News StaffFeb 18, 2019 12:06:12 IST
If you thought deleting your messages years ago meant no history or trace of them on Twitter then you have been proven wrong. A security researcher has discovered that after deleting Direct Messages, the company can still access the data even after years.
Researcher Karan Saini revealed in his report that Twitter retains Direct Messages for years, including messages you and others have deleted. That's not all. Twitter also secures data sent to and from accounts that have been deactivated and suspended.
Following the security researcher's lead, the publication also conducted its own tests confirming that it is indeed possible to recover DMs from years ago, including those that were made by suspended and deleted accounts. Saini also tweeted a clarification on what his findings meant for the regular user.
Folks are having some trouble understanding this, so here is a short summary:
DMs are never “deleted”—rather only withheld from appearing in the UI. The archive feature lets you view these DMs, as well as any others with now suspended, or deactivated users https://t.co/IXRdT6G9i6
— Karan Saini (@iasni) February 16, 2019
The researcher also found a bug that allowed him to an old API to retrieve direct messages even after it had been deleted from both parties.
Saini does explain that this is more of a functional bug rather than a security flaw. However, it still leaves the gates open for malicious users to trespass security loopholes and access accounts that have been suspended or deactivated for confidential data.
Twitter is aware of the issue and has issued a statement to TechCrunch stating that the company was "looking into this further to ensure we have considered the entire scope of the issue."
Tech2 is now on WhatsApp. For all the buzz on the latest tech and science, sign up for our WhatsApp services. Just go to Tech2.com/Whatsapp and hit the Subscribe button.