Instagram Kept Deleted Photos and Messages For A Year Without Anyone Knowing

Instagram has handed out a sizeable $6,000 bug bounty payment to a security researcher who found that it was retaining photos and direct messages even though they had been deleted for more than a year.

The researcher, Saugat Pokharel, downloaded a copy of their data and found that there was content within it that had been deleted.

And while some might automatically assume that the reason for the data retention was malicious, Instagram instead says that it was simply a bug, rather than something that happened by design.


“The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram,” a spokesperson for Instagram told TechCrunch. “We’ve fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us.”

Now that the bug has been fixed it shouldn’t be an issue from now on, although bugs have been known to rear their heads again even after being squashed once.

This, of course, is the whole reason companies like Instagram run their bug bounty program. If security researchers aren’t rewarded for their work by the company in question, they’re more likely to hand their findings over to someone who intends to misuse them.

You may also like to check out:

You can follow us on Twitter, or Instagram, and even like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple, and the Web.