A Twitter bug reportedly saves direct messages that users 'deleted.'

World's Direction/Flickr

Bug lets Twitter save your DMs—even after you delete them

Even data from suspended or deactivated accounts is saved.


Eilish O'Sullivan


You should know by now that whenever you put something on the internet, it will stay there forever. Well, that sentiment holds true when it comes to your Twitter direct messages. It turns out Twitter does not truly get rid of your DMs, even after you delete them, the Verge reports.

A security researcher told TechCrunch that he found a bug on Twitter: The social media platform stores users’ DM data for years, even after it’s deleted. “When you delete a Direct Message or conversation (sent or received), it is deleted from your account only. Others in the conversation will still be able to see Direct Messages or conversations that you have deleted,” according to the Twitter Help Center.

The researcher also found that Twitter keeps DM data from suspended or deactivated accounts, and you can retrieve deleted DMs by downloading your account’s archived data.

The researcher, New Delhi-based Karan Saini, filed the report through HackerOne, a “Bug Bounty Platform” that finds errors in platforms like Twitter.

About a year ago, Saini found a similar bug on the social media platform “that allowed him to use a since-deprecated API to retrieve direct messages even after a message was deleted from both the sender and the recipient — though, the bug wasn’t able to retrieve messages from suspended accounts,” according to TechCrunch.

A Twitter spokesperson told the Daily Dot that the newly discovered bug is “functional,” rather than a security bug, which would pose a much larger risk.

“We are still looking into this further to ensure we have considered the entire scope of the issue,” the spokesperson said.


H/T the Verge

Share this article

*First Published:

The Daily Dot