Comment by Daegalus 8 days ago

Well, as someone who worked in probably the same team that still manages this exact code 10 years ago, I can tell you that I quickly went through the article wondering if it was any of my code, or things I touched.

Back then the team was called Nucleus (hence in one of the responses in the article, the refType was NUCLEUS), which built and managed the backend API for Entitlements, Accounts, and Payments. It was a summer internship, so a year later when they offered me a position on the team, I started work there. By then the team was renamed EADP as it was slowly being merged with Origin (I forget what the DP meant, Data Platform?), hence one of the endpoints starts with `dp.`

Though, we did not have a GraphQL db back then, it was all Enterprise Java (OCI, Spring, Hibernate, etc) and some newer Groovy/SpringBoot stuff before I left. Running on datacenter servers (no cloud). But I worked on some fun things. I moved on from there after 2-3 years after some shit hit the fan, but I learned a lot of good backend dev back then from good engineers.

No clue what the team is like today, who the engineers are, or what is going on, but it is a shame to see something like this. We were very security conscious back then, and I even worked on a brute-force system to detect and handle brute-force attempts on our login page. No clue if it is still active or running, but security checks/reviews were part of our sprint tasks to reduce the chances and surface area of compromises.

mdeeks 7 days ago

I was part of the original team that built Nucleus. It was very specifically an internal API that was never ever supposed to be publicly exposed. We were always very careful with it and did various things like requiring mutual TLS for clients. This was 15-ish years ago though. It's also hard to control what clients end up doing with your API. This reads like they proxied part of it to the public :(

  • Daegalus 7 days ago

    We worked together for a while, if you are the same M. Deeks I worked with. I think you even interviewed me for the internship job originally.

    I agree that this looks like an accidental proxy of the API. Everything was so locked down back then, never thought I'd see the API exposed like this.

    • mdeeks 7 days ago

      Yep, that's me! I just looked you up. Small world.