The article makes it sound clear sure. But then the article has been edited.
I would not have been surprised if the 5 million user thing was couched as some sort of "we need to generate some realistic test data to load test our systems <WINK WINK> - please create 5 million accounts very similar to these paying ones, remember this is testing so they need to be as realistic and believable as possible <WINK WINK>".
If I got that request (perhaps without the winking!) come down the line through the usual channels I'd probably have gone along with it without realising it was for anything nefarious. ...but then would that be a viable defense?!
I think this skips over an important fact from the article - the head of growth + CEO were in the room making this request, then the eng director raised concerns, then they assuaged his concerns by saying it's ok for 'investor purposes'.
I can see the situation you're describing, sorta. Though if it was me and someone asked me to generate a list of 5 million real-ish user accounts in a report, I'd immediately ask why. If it's to commit fraud or lie to investors, I would be like hell no! If we're doing load testing or something legit, for sure. But I feel like benign use-cases of generating 5 million accounts would not include the "make it look real" aspect.
I also don't think the Reddit comparison makes sense, since Reddit didn't seek to sell the company at the time based on the # of users. Growth hacking is one thing, lying to investors about users is another. Because this data point was a key decision factor for a financial transaction, this fake information/lie becomes fraud.
Even if somebody gave no pretext, I don't think that, in and of itself, is illegal. Though it could be used for illegal things. For instance early on Reddit actively created fake accounts, fake votes, fake comments, and all other sorts of stuff in the process of trying to reach critical mass. I really doubt that was illegal.
OTOH if somebody sent a message saying, 'Hey we need to increase our apparent paying users in order to defraud some potential investors.' then obviously you've become part of a criminal conspiracy, but I think nobody would ever* overtly say that.
I think there is a big difference between faking 10k users and then going to investors at 1m users years later (it's a morally dubious kickstart) or in this case for the sake of the sale/investment going to 1400%.
I would not have been surprised if the 5 million user thing was couched as some sort of "we need to generate some realistic test data to load test our systems <WINK WINK> - please create 5 million accounts very similar to these paying ones, remember this is testing so they need to be as realistic and believable as possible <WINK WINK>".
If I got that request (perhaps without the winking!) come down the line through the usual channels I'd probably have gone along with it without realising it was for anything nefarious. ...but then would that be a viable defense?!
Context is everything.