IG co-founder here: users 1 and 2 were our first two attempts at creating users end to end when getting Instagram v0.1 hooked up to the backend we'd written. There was a bug so they were left in an incomplete state; post bugfix, 3 was my co-founder Kevin and 4 is me.
<i>"java.lang.NullPointerException"</i><p>That is probably responsible for more of the lost sleep in my life than any other single entity.<p>Various versions of <i>"out of file descriptors"</i> might be a close second.
At my work there were some drivers who cloned the app and were using (a presumably hacked version of) it on another tablet with the "test user" ID to make a whole bunch of money, they could see where the trips were going and would only take the really good ones. Bare minimum we're probably talking at least an extra $1k/week.<p>Who knows how long they got away with this before someone noticed "ghost tablets" logged into the system and locked down the test user account -- which is also how they got caught because they then had to log in with their actual ID and <i>The Powers That Be</i> could pinpoint who exactly was doing it.<p>So, yeah, lock down invalid user account IDs.