Not exactly hacking, but other people made me remember it…

If you ran early software like a forum, often passwords/DMs/etc. weren’t encrypted in the database, so you could just look in your own database (or in the case of the perl-based forum I ran, the text files) and get people’s passwords and private messages. I remember my shock at seeing that when I was poking around the back end of my own forum, lol. Luckily for my users, I’m not an asshat, so I never got up to mischief with that. But I absolutely could have, and I know plenty of dudebros in IT who would/did.

I still operate today on the idea that once you interact with an online system, the admins of that system basically have everything you give them and there’s no privacy.

(Also, often if you, the user, “delete” something, usually what the system does is check a box for that data that is more or less a binary, “Is deleted? Y/N?”, and then shows/hides the data based on that flag being set. This is due to corporate customers crying if they delete something by their own fat fingers, but it means if you do intend to delete something, you should assume it’s not actually deleted, it’s just hidden from the view you, the user, have permissions to view. Of course this all depends on the specifics of the system you are interacting with, but I still default to assuming the “delete” function is just a flag that alters the view you see, not a true delete feature.)