I think we could help Simon if we tell him
There are two obvious issues with this:- Our username
- The balance we remember.
- The active orders we had
- And if required, our password so he can log in as the user and check our account.
1. Users can report higher balances than they actually have.
2. Passwords should not be needed; he already has access to the database, and if he really needed to be able to log in as the user, he could just temporarily change the password hash stored for the user.