Solution:
You are using a custom .find() and the result is not sanitized.
First, import sanitize utils:
const { sanitizeEntity } = require('strapi-utils');
Second, sanitize fetched data by providing data and defining the model:
let result = await strapi.services.articles.find();
let articles = sanitizeEntity(result, {
model: strapi.models['articles'],
});
Now articles contains data without creator fields and without privateAttributes(id, created_at), as you defined these options in facilities.settings.json.