I know you're being nice here, and I have no idea if that particular user cared, but like, as someone who has to take frequent user data/trust/privacy/handling trainings, like, don't ever do that.
Firstly, you really want to engineer your systems as much as possible so that you can't look at any PII -- and that includes things like usernames that aren't displayed to the public, and maybe even ones that are! -- as an administrator of your system, without going through some sort of "break glass in case of emergency" process that leaves an audit trail with a clear policy of when it is acceptable.
Second, even if you have access for job-related tasks, you shouldn't spontaneously try to tie user accounts to outside identities; that should be like line 4 or 5 in your data access policy. The right way to do the above would be something like saying "Thanks for vouching for us! If you message me your username @XYZ, I'll add some extra bandwidth credits to your account. :)"; that turns the interaction/demasking into something voluntary on the user's behalf, rather than you creepily stalking them through your user DB.
