Twitter might still have copies of your DMs saved in its system even if it’s been years since you deactivated your account. Security researcher Karan Saini told TechCrunch that he found years-old messages in an archive of his Twitter data — which you can request from Twitter itself under the Settings menu — even if they were from accounts that had been deleted or suspended. The publication has confirmed Saini’s report by looking through an archive and finding a conversation with a suspended account from way back in March 2016.
Under Twitter’s guidelines, the company wrote that “there is a very brief period in which [it] may be able to access account information, including Tweets.” You can only restore your account with all its data intact within 30 days, after all. Twitter accepts requests from law enforcement to preserve records, but the platform said it will only keep a temporary snapshot of relevant account records for only 90 days.
In addition, the security researcher discovered that those archives could also come with messages you’ve previously deleted or were deleted by the person you were chatting with. While Twitter now only removes DMs you delete from your own inbox, Twitter used to scrub them from the recipient’s inbox, as well. It looks like the platform can still keep a copy of them either way.
Saini said the records remain accessible due to a “functional bug” rather than a security flaw. Whatever it is that causes this issue, it’s clearly a privacy problem — one that Twitter still doesn’t have a full grasp of. A Twitter spokesperson told TechCrunch that it’s “looking into this further to ensure [the company has] considered the entire scope of the issue.”