Instagram was caught in the act disrespecting the privacy of its users: it seems that the social network kept, on its own servers, copies of photographs and private messages even after the user ordered their exclusion. Who identified such inappropriate behavior was security researcher Saugat Pokharel, who reported the problem in the platform's bug-hunting program.
- How to request to download your Instagram data
- Instagram is accused of illegally collecting biometric data from users
- Instagram will request "suspicious accounts" identity document
Pokharel realized the flaw in using the tool provided by the application for the user to download all their personal information – a right granted to all European citizens since 2018, when the General Data Protection Regulation or GDPR) entered into force. However, in the middle of the giant data library, he noticed something strange.
Several images and conversations that had already been deleted by the analyst himself years ago were still part of the social network's records. It is common for online services to store content for a brief moment – such as a day or two – after being deleted from the terminal, but the Instagram case seemed much more serious.
After notifying the company in October 2019, Pokharel received $ 6,000 as a reward for detecting the flaw, which was fixed in an update released last month. To TechCrunch, the company pointed out that there is no evidence that such a problem has been exploited by malicious agents and assured that storing data indefinitely is not a company policy.