Even if you’ve sent a strange DM to your celebrity crush who accidentally followed you when Twitter was but a small thing all those years ago, security researcher Karan Saini told TechCrunch that Twitter still has such messages on record.
By digging around in a file from an archive of his own data, which he obtained through the social network, he found that Twitter still had messages from years ago, from accounts that were no longer on Twitter.
According to TechCrunch, Saini also reported a bug, which he found a year ago but has only just disclosed, that let him use a since-deprecated API to dig up old direct messages even if they’d been deleted by both the sender and the recipient.
Displaying this data appears to be a bug rather than a hidden feature in Twitter. And the old API wasn’t able to scrape up messages from suspended accounts, which is a tad grim as such accounts could be full of all manner of text-based nastiness.
Twitter also says that there’s only a 30-day window for users to retrieve their old data if they decide to delete their account and then change their mind and rejoin the social network. But it would appear that the data behind the accounts hangs around a lot longer.
Furthermore, by downloading your account data from Twitter, TechCrunch reported, you can see all your old messages including those that you’ve deleted from your inbox and those sent to suspended or deleted accounts.
Saini said this is not a security issue but a “functional bug”, one that allows anyone to perform a “clear bypass” of Twitter’s mechanisms which should prevent access to data on suspended or deactivated accounts.
This might not be a security bug, but it’s a privacy problem, and one that a Twitter spokesperson told TechCrunch the company is looking into. We somehow suspect there’s more to all this than meets the eye.
Source: Inquirer