Security researcher Karan Saini discovered DMs on Twitter in an archived file that had previously been deleted. Twitter even retained messages from accounts that were deactivated or suspended.
Further, Saini previously found another bug that allowed him to access deleted Twitter DMs last year, but was just reported recently. That bug involved an API that has now been deprecated.
Saini told TC that he had “concerns” about how long Twitter was storing deleted data. The publication also confirmed Saini’s findings as they found messages that had been deleted when requesting the data that Twitter keeps. That’s despite Twitter stating that an account and its data will be deleted after a 30-day grace period once a user has deactivated their account.
But, in our tests, we could recover direct messages from years ago — including old messages that had since been lost to suspended or deleted accounts. By downloading your account’s data, it’s possible to download all of the data Twitter stores on you.
In related news, Twitter’s CEO, Jack Dorsey, yesterday said that the platform might offer a “clarify” feature instead of an outright edit option that the community has been wanting for a long time.