Twitter seems to have been hit by yet another blow to its privacy and security reputation. The social media company has been found keeping data on direct messages that were deleted by users, despite stating that it does the opposite on its Help pages. Even more surprising is that DMs are being stored years after deletion, including those sent to or from accounts that were suspended or deactivated.
TechCrunch reports that the issue was discovered by security researcher Karan Saini, who found that the supposedly deleted data was accessible by downloading a copy of their Twitter data archive.
These deleted DMs can only be retrieved via the data archive of the user who sent or received the message, so it’s not as bad as the messages becoming public to everyone. However, Twitter’s website and app will both show that a message has been deleted, even when only one side of the conversation deleted it, when it has not actually been removed at all.
Twitter has responded to the report, stating that it’s “looking into this further,” but it’s not clear if storing deleted messages is a bug or if the service was simply misleading users about removing data. This serves as a reminder to users that they shouldn’t trust social media to truly delete something, and only encrypted messaging should be used when privacy is a concern.