Twitter Has Been Keeping Deleted DMs for Years

[MacRumors]

If you've deleted your DMs, they may be unavailable on your phone and on the web, but Twitter is still saving them, according to data from security researcher Karan Saini that was shared today by TechCrunch.

Twitter also keeps direct messages and data sent to and from accounts that have either been deactivated or suspended, according to Saini, who discovered years-old messages in a file from an archive of data from an account that was no longer active.

A bug in a now-deprecated API used to allow him to get direct messages even after a message was deleted by both sender and recipient.

Twitter says that accounts that are deactivated and deleted are removed along with all of their data after 30 days, but TechCrunch found that's not the case.

But, in our tests, we could recover direct messages from years ago -- including old messages that had since been lost to suspended or deleted accounts.

Twitter lets you download all of the data associated with your account, even a suspended or deactivated account, which lets you see everything that the company is storing.

Saini told TechCrunch this is a "functional bug" that lets people bypass Twitter mechanisms to prevent access to these kind of accounts, but as TechCrunch points out, it's also a reminder that delete doesn't mean delete when it comes to direct messages.

Twitter told TechCrunch that it is "looking into this further to ensure we have considered the entire scope of the issue."

Article Link: Twitter Has Been Keeping Deleted DMs for Years

 

[AlexH]

Why am I not surprised...

 

[826317]

Does this actually surprise anyone though?

 

[PotatoLeekSoup]

So Zuckerbergian. I am so shocked. /s

 

[AngerDanger]

Why not give this a positive spin and say that Twitter is building the largest database of… anatomical images?

 

[TrenttonY]

I love how when tech companies are caught doing nefarious things they blame it on a pesky bug.

These darn bugs keep happening!

 

[Apple_Robert]

Does Twitter want us to believe that they didn't know they were storing DM's that were supposed to have actually been deleted? Sure sounds like it. I do not have any real faith in Twitter. Looks to me like they got caught and are looking for a PR spin.

 

[dumastudetto]

Why is it only Apple can be trusted with our data?

 

[Jimmy Bubbles]

Project Veritas already busted this WIDE open a year ago. When I worked at Apple as a technician, doing data transfers, people would get reprimanded if not fired for snooping through/saving peoples' most intimate conversation/photos. Twitter just seems to be a bunch of creepy pervs.
[doublepost=1550260948][/doublepost]

Why is it only Apple can be trusted with our data?

Or is it just all marketing? hmm...

 

[rafark]

Of course it keeps them. It's a common practice in web systems not to destroy an entity when requested, but instead set it as non-public.

 

[milkrocket]

Of course it keeps them. It's a common practice in web systems not to destroy an entity when requested, but instead set it as non-public.

Exactly! Data is very rarely deleted from databases.

 

[StevieD100]

The EU GDPR people will be interested in this. This is a clear violation when deleted accounts are not actually gone.
IANAL etc

 

[ImAnAgent]

Why is it only Apple can be trusted with our data?

You don't really believe that do you?Apple isn't that innocent.

 

[Kabeyun]

Yet another reminder why I’m happy I’ve never been a Twit or participant in any other social network except my own.

 

[Vanilla35]

Project Veritas already busted this WIDE open a year ago. When I worked at Apple as a technician, doing data transfers, people would get reprimanded if not fired for snooping through/saving peoples' most intimate conversation/photos. Twitter just seems to be a bunch of creepy pervs.
[doublepost=1550260948][/doublepost]
Or is it just all marketing? hmm...

It's 90% marketing. They have "better" methods of collection and maybe encryption, but it's most definitely fluff. Most of the same rules apply to apple that apply to any other tech company. But if people are convinced it's more secure, then they will feel more comfortable with using their products.

 

[calzon65]

Why am I not surprised

 

[mikethemartian]

Dungeon Masters?

 

[12vElectronics]

I assumed this has always been happening lol. Isn't Facebook open about it? Like everything you post is now their property and they can do with it as they please?

 

[dumastudetto]

You don't really believe that do you?Apple isn't that innocent.

Their perfect track record speaks for itself.

 

[MattMJB0188]

Their perfect track record speaks for itself.

"Perfect track record" LMAO!!! Wow your credibility just went out the window.

 

[341328]

I love how when tech companies are caught doing nefarious things they blame it on a pesky bug.

These darn bugs keep happening!

Yeah... or these days it’s because of an “edge case with our AI”. What a load of crap.

 

[dumastudetto]

"Perfect track record" LMAO!!! Wow your credibility just went out the window.

Would you mind providing an example that disproves my point?

 

[MattMJB0188]

Would you mind providing an example that disproves my point?

The whole iCloud celebrity hack from a few years ago, does that ring any bells? So how can Apple have a perfect track record?

 

[dumastudetto]

The whole iCloud celebrity hack from a few years ago, does that ring any bells? So how can Apple have a perfect track record?

You're holding Apple responsible for dumb celebrities using terrible passwords?

 

[mtneer]

I find it hard to believe that Twitter did not "notice" this bug. All this data presumably runs into terabytes if not petabytes - which will cause some real bills to show up. Its hard to believe no one noticed this line item in their P&L's.