Twitter caught storing DMs years after being deleted

Twitter seems to have been hit by yet another blow to its privacy and security reputation. The social media company has been found keeping data on direct messages that were deleted by users, despite stating that it does the opposite on its Help pages. Even more surprising is that DMs are being stored years after deletion, including those sent to or from accounts that were suspended or deactivated.

TechCrunch reports that the issue was discovered by security researcher Karan Saini, who found that the supposedly deleted data was accessible by downloading a copy of their Twitter data archive.

Twitter users are only able to delete direct messages that they send, with the recipient still keeping a copy, so even on the surface the feature isn't exactly the most private. But the social network's privacy policy states that if a user deactivates their account, all their data is truly deleted. It seems reasonable to assume this would also be the case for DMs that both sides of a conversation have chosen to delete.

These deleted DMs can only be retrieved via the data archive of the user that sent or received the message, so it's not as bad as becoming public to everyone. However, Twitter's website and app both show a message as deleted, even when only one side of the conversation has deleted it, when that's not the case at all.

Twitter has responded to the report, stating that it's "looking into this further," but it's not clear if storing deleted messages is a bug or if the service was simply misleading users about removing data. This serves as a reminder to users that they shouldn't trust social media to truly delete something, and only encrypted messaging should be used when privacy is a concern.