If you thought deleting your messages years ago meant no history or trace of them on Twitter, you have been proven wrong. A security researcher has discovered that the company can still access Direct Messages years after users delete them.
Researcher Karan Saini revealed in his report that Twitter retains Direct Messages for years, including messages you and others have deleted. That's not all. Twitter also keeps data sent to and from accounts that have been deactivated and suspended.
Following the security researcher’s lead, the publication also conducted its own tests confirming that it is indeed possible to recover DMs from years ago, including those that were made by suspended and deleted accounts. Saini also tweeted a clarification on what his findings meant for the regular user.
The researcher also found a bug that allowed him to use an old API to retrieve direct messages even after they had been deleted from both parties.
Saini does explain that this is more of a functional bug than a security flaw. However, it still leaves the gates open for malicious users to exploit security loopholes and access confidential data from accounts that have been suspended or deactivated.
Twitter is aware of the issue and has issued a statement to TechCrunch stating that the company was “looking into this further to ensure we have considered the entire scope of the issue.”