To be fair, at least at FB (I can't speak to Google or Apple or Amazon):
1. Accessing someone's data when it's not mission critical to your work means you're fired on the spot. This is drilled into new engineers over and over.
2. Privacy-related issues are escalated to the highest severity immediately (on par with data centers being down, etc.). I think the question in this whole debate is where you draw the line for this kind of issue, and what's an issue and what's a feature.
There's a tool for that, and it's certainly the preferred way to debug. Along with all the telemetry you get, for the vast majority of cases you don't need to touch anyone's data.
You request access, and justify it with something like "I need it to debug issue #123". Someone manually oks/disallows it, and there's asynchronous reviews of these requests to double check. My guess is the intern lied about what they're using it for.
How else would you suggest to do privacy checks like these?
FWIW, as a Facebook engineer you have a ton of trainings on how to handle data privacy. And not only is every place where you can touch data actively logged/audited/monitored (this includes DB reads from code, admin tools, etc.), but to access any data you have to explicitly request permission for that specific data.
1. Accessing someone's data when it's not mission critical to your work means you're fired on the spot. This is drilled into new engineers over and over.
2. Privacy-related issues are escalated to the highest severity immediately (on par with data centers being down, etc.). I think the question in this whole debate is where you draw the line for this kind of issue, and what's an issue and what's a feature.