Twitter lets users delete direct messages from their own side of the conversation (the recipient will still get to keep a copy, unless they also choose to delete it). But it turns out, those deleted messages aren’t really getting removed at all, according to a report from security researcher Karan Saini, via TechCrunch.
It turns out that despite showing that the message was deleted, Twitter still stores all those DMs dating back years. Folks can access this simply by downloading the archived data on their account from Twitter. Saini confirms that even messages sent to and from deleted or suspended accounts are still accessible.
Now, this isn’t the most concerning of bugs — the data appears to only be available to the user that sent or received the message, but the fact that Twitter isn’t deleting the messages when it says that it is, isn’t a great look for the company. Twitter is at least aware of the issue, commenting to TechCrunch that it was “looking into this further to ensure we have considered the entire scope of the issue,” but that’s no guarantee that anything will change.
It turns out that despite showing that the message was deleted, Twitter still stores all those DMs dating back years. Folks can access this simply by downloading the archived data on their account from Twitter. Saini confirms that even messages sent to and from deleted or suspended accounts are still accessible.
Now, this isn’t the most concerning of bugs — the data appears to only be available to the user that sent or received the message, but the fact that Twitter isn’t deleting the messages when it says that it is, isn’t a great look for the company. Twitter is at least aware of the issue, commenting to TechCrunch that it was “looking into this further to ensure we have considered the entire scope of the issue,” but that’s no guarantee that anything will change.
No comments:
Post a Comment