Uh-oh, this doesn’t look good.
You know how when you delete a Twitter DM and you’re expecting it to, like, be erased and non-retrievable ever again? Turns out Twitter’s still keeping archives of deleted DMs according to a security researcher who shared his discovery with TechCrunch.
Speaking with TechCrunch, security researcher Karan Saini said he discovered he was able to retrieve old Twitter DMs he had deleted years ago.
Saini says he found his old deleted Twitter messages in recipient archive folders belonging to Twitter accounts that had been deleted. Twitter lets senders delete their DMs, but the messages are only deleted from their end and not the recipient’s (and vice versa).
“DMs are never ‘deleted’—rather only withheld from appearing in the UI,” Saini said on Twitter after TechCrunch published the story. “The archive feature lets you view these DMs, as well as any others with now suspended, or deactivated users.”
He was also able to use a now-deprecated Twitter API to recover old direct messages from both the sender and recipient.
Previously, it was possible to use the “direct_messages/show” endpoint (which is now deprecated) for the same purpose. I submitted the report for this to Twitter in January of 2018, and at the time, the team accepted the residual implications of the issue.
— Karan Saini (@iasni) February 16, 2019
After 30 days, if a user hasn’t restored their account, the data should be gone… for good. Except Saini and TechCrunch’s findings indicate this isn’t the case. TechCrunch reporters said they were able to “recover direct messages from years ago — including old messages that had since been lost to suspended or deleted accounts.” One example showed they were able to retrieve deleted messages from 2016.
Mashable has reached out to Twitter for clarification on why the company’s still keeping archives of DMs that were deleted years ago and we’ll update this story if we receive a response.
As it stands, this discovery is another reason to be mindful of the amount of data social media services collect. Social media platforms like Twitter make it easier than ever to share and communicate with others instantly, but the extent of their reach is now being contested. Can you really trust a company that doesn’t delete your data when you think you’ve deleted it?