Thank you for the question. Let me elaborate.
Yes, of course we do have a QA environment.
Even though the applications are exactly the same across QA and Prod, the security configurations are not (e.g. QA is not exposed to the internet). Our end goal is to get maximum security of the production environment, and hence it makes sense to do ethical hacking there.
By definition and contract, ethical hacking is non-destructive and should not affect the experience of other users. We have been doing this for a while, and this was the first time that these experiments had a visible impact to other users, even if minor. The post was immediately deleted, but not quickly enough to fool the Community Digest ;-).