• BadAtNames@lemmy.fmhy.ml
    1 year ago

    Yes, access to a production database is fairly common (for certain job functions, at least). Unaudited and unfettered database access is much less common. Sure, it happens, but it is rare - especially for something at the scale (& attractiveness to hackers) of Instagram. And yes, an audit trail doesn’t mean your manager will be immediately alerted, and there are people who won’t think of the audit trail and go snooping in prod anyway - so it is possible, but I just don’t think it’s very probable ¯\_(ツ)_/¯

    And a moderation tool for direct messages? Which are E2E encrypted? That doesn’t make much sense to me. What moderation function would a “list of people they have DMed in the last 2 years” serve? I guess it could be used to determine if somebody has been harassing someone else - but the block feature exists, why would it reach a moderator in the first place?

    and frankly you should assume that this is happening behind the scenes at every company.

    Look, I operate under the principle of “anything that I put online, will be eventually public and linked to me” (which is why I would never answer the original question, even with an anonymous account that isn’t linked to my email) and “everybody sucks at infosec” - but that doesn’t mean Instagram employees have a handy way to access a human-readable list of people I have DMed.

    Occam’s razor is in favour of the girlfriend getting the info the old-fashioned way - snooping on the OP’s phone.