A security researcher has been awarded a bug bounty after discovering Instagram was retaining data long after he had deleted it.
According to TechCrunch, security researcher Saugat Pokharel discovered that Instagram’s Download Your Information tool included data he had deleted over a year ago. With any online platform, deleting data on the user’s end doesn’t immediately delete it on the company’s. The information must be deleted from the entire network, including any backups, a process that usually takes a couple of months.
In Pokharel’s case, however, when he downloaded his data, it included private direct messages and photos he had deleted over a year ago, well past any reasonable time it should have taken. He submitted the bug via Instagram’s bug bounty program and the company fixed the issue.
An Instagram spokesperson told TechCrunch: “The researcher reported an issue where someone’s deleted Instagram images and messages would be included in a copy of their information if they used our Download Your Information tool on Instagram. We’ve fixed the issue and have seen no evidence of abuse. We thank the researcher for reporting this issue to us.”