Thought the data from that embarrassing Instagram post was lost after you deleted it, like tears in digital rain? Think again.
Cybersecurity researcher Saugat Pokharel discovered a bug in Instagram’s database that preserved a user’s image data even if a the person deleted the original shot from their feed.
An Instagram spokesperson tells TechCrunch a bug in its Data Download tool—which lets users download and review a copy of all the personal data the platform stores—prevented image data from being properly deleted. Facebook launched the tool for Facebook and Instagram users following the EU’s GDPR ruling in 2018. Pokharel discovered the bug by accident after he spotted the image data in his downloadable Instagram database.
Instagram says it fixed the bug and removed the improperly deleted data. The company also says there’s no evidence that hackers exploited the bug. That’s great and all, but this is yet another example of social media platforms mishandling our data.
It’s not just hackers we have to worry about
Social media apps really like your data. To their credit—and the GDPR’s—many of them have made it easier to see everything you’ve submitted to their servers. But even if we know what is stored, we don’t always know how or why it’s stored.
For example, we all knew that Twitter keeps user emails and phone numbers and that Facebook kept backups of password data—all necessary for confirming someone’s identity when logging in. We didn’t know that Twitter sold that information, or that Facebook stored login credentials with virtually zero security. Then the Cambridge Analytica leak happened.
Check what your social media apps are tracking
When you hand your data over to someone else, there’s always a risk it could be misused or mishandled. That said, you can prevent privacy mishaps by limiting how much data you let these platforms collect.
Instagram, Facebook, Snapchat, and Twitter let you download and review your profile’s data. These apps also let you limit data tracking in your profile’s security and privacy settings (for the most part). It’s no silver bullet that will magically anonymize you on these networks, but it’s something. And in the case of Instagram’s little snafu, it could have helped alert you that all those images you’ve been deleting? Yeah. Not actually deleted.
Make a point to review this data regularly. Assuming the databases include everything these platforms store, it’s an excellent way to catch anything you want to delete. The less personal information you have saved out there, the easier it is to recover from a data breach.