MNHQ are constantly telling MNers to report, report, report never troll hunt, don't discuss misgivings on the actual thread, etc. Well this is a sure-fire way of putting people off wanting to use the Report function if ever I saw one. It's always with the benefit of hindsight that these "glitches" (aka human cock-ups) come to light, when it's too late. The mess may get cleared up but the reputational harm remains. Trust is very very hard to earn, and very easy to lose. People are still talking about the Jeffrey-gate hack years after the event and now Report-gate.
I've been saying from the start (pre-go live) that the lack of controlled end-user testing is a shocking and highly risky strategy when you're talking about a public (and highly visible) platform like this. Asking MNers to "test some stuff" when they are not paid to do that and not qualified (good testing is a very skilled profession), is poor practice. Testing isn't only about "does it work", it's also about picking up risk areas that the untrained eye may not even realise is a problem. If I was the head of MN no way would I give such an important part of a new platform launch to unpaid, untrained, unqualified (no offence meant but it is a fact) "testers" who don't have skin in the game in MNHQ and won't be called to account if the law is broken in plain sight.
It's through controlled testing that you get to know of, document and mitigate potential security holes (in this case, that can be caused by procedural human error). If this platform software is a US product, they don't know the meaning of GDPR now DPA2018, Europe and U.K. are leaders in ensuring people's privacy is maintained by law, so it can be missed during the development cycle of this platform in a country that doesn't value data privacy, and that gap has to be plugged by human intervention (ie procedure/documented work practices, which HQ now admits was missed. I always have the perception they're "winging it" and perception can be 9/10th of reality!