Board Thread:General Discussion/@comment-66.215.244.198-20200806221440/@comment-9605025-20200810065300

The issue with IPs is that the same user can have multiple and multiple users can have the same IP (over time). With an account from another service, at least the user of the account trusts the user you are talking to. Well, assuming their account on the other service wasn't also hacked. The issue with the password is either that they have forgotten it or someone else could have gotten it. So knowing the password either proves nor disproves they are the same user.

What kind of check could Fandom do that wouldn't involve the users' emails? By changing the passwords before anyone attempts to login, Fandom is minimizing the chance that the hacker gets in, changes the email, and then locks out the legitimate user by changing the password. At the same time, the legitimate user (in theory) will get a notice via their email, reset their password, and move on.