Your Deleted Photos and Messages Might Still Linger on Instagram

Published Categorized as Guide

We all love the idea of a clean slate, especially when it comes to deleting those embarrassing photos or messages on Instagram. But what if we told you that despite Instagram’s assurance of a 90-day deletion process, your data might be lingering around much longer? Let’s dive into the surprising revelation made by independent security researcher about how your deleted photos and messages might still linger on Instagram.

The 90-Day Deletion Mirage

According to Instagram, when you hit delete, your data is supposed to vanish into the digital abyss within 90 days. However, it turns out that this was not the case. Pokharel, armed with Instagram’s data download tool launched in 2018 to comply with GDPR regulations, discovered that Instagram was holding on to copies of photos and private messages even a year after users hit the delete button.

A Year-Long Oversight

The shocker here is not just the fact that Instagram was keeping the data, but that the bug responsible for this oversight was reported in October 2019 and only fixed a year later. It took almost twelve months for Instagram, owned by Facebook, to address the issue. As a token of appreciation, Pokharel was awarded $6,000 by the platform. The question that arises: How many other unnoticed bugs might be lurking in the digital shadows?

The GDPR Wake-up Call

Before the implementation of GDPR, companies storing deleted data was a common practice with minimal transparency. GDPR forced companies to be more explicit about their data handling practices. Yet, as seen with Instagram, compliance doesn’t always translate to immediate action. The delay in fixing this bug is a reminder that user vigilance and scrutiny are crucial in ensuring companies uphold their data protection commitments.

A Trend of Data Mishandling

Unfortunately, Instagram is not an isolated case. Twitter had a similar issue where users could access deleted Direct Messages years later. Facebook itself faced controversies like the opaque data collection and the Cambridge Analytica scandal, costing the company a staggering US $5 billion.

As data protection laws continue to strengthen, we anticipate more instances where companies falter in their data storage practices. The call to actively seek out and report such bugs becomes vital, contributing to a more secure digital environment for users (we’ve recently amped up our bug bounty program—more on that below).

Securing Our Digital Spaces

If you’re concerned about the privacy of your messages and photos, there are alternatives available. Secure messaging apps that allow message deletion or setting expiry dates offer a level of control over your digital footprint. While completely detaching from social media might be challenging, there are ways to minimize the information these platforms hold about you. Consider privatizing your photos and being cautious about the personal information you share online.

Upgrade Your Security: Bug Bounty Program

Speaking of bug bounties, we believe in a collective effort to enhance security. Our recent upgrades to our bug bounty program aim to encourage users to actively participate in identifying and resolving vulnerabilities, making the digital space safer for everyone.


1. How long did Instagram retain deleted data?

Instagram retained deleted data for up to a year, contrary to its stated policy of data deletion within 90 days.

2. What sparked the revelation about Instagram’s data retention practices?

Independent security researcher Saugat Pokharel unearthed Instagram’s data retention quagmire, sparking widespread scrutiny.

3. How did Instagram respond to the revelation?

Instagram acknowledged the issue and took nearly a year to rectify the data retention bug, finally addressing it in response to Pokharel’s findings.

4. Are there privacy-oriented alternatives to mainstream social media platforms?

Yes, several messaging apps and platforms prioritize user privacy, offering features like message deletion and enhanced data security.

5. What can users do to protect their digital privacy?

Users can take proactive steps to safeguard their digital privacy, including minimizing personal information exposure and exploring privacy-oriented alternatives to mainstream platforms.

Vpn ip address list free

Free VPN IP address lists may seem appealing, but they often come with significant risks. These lists may contain outdated or compromised IP addresses, exposing users to security vulnerabilities and potential data breaches. Additionally, free VPN services often lack robust encryption and may log user activity, compromising privacy.

For reliable and secure VPN services, we recommend exploring premium options like ForestVPN. With ForestVPN, you can enjoy enhanced privacy protection, secure encryption, and a vast network of servers worldwide. Don’t compromise your online security—choose ForestVPN for a safer browsing experience.

Take control of your online privacy and security with ForestVPN