My main question is, what is the criteria for this to show up?
It shows up if a user has logged in with their last login time being at least 6 months ago.
Thanks.
Hopefully something can be implemented specifically for accounts whose passwords have not been changed since the hack, since they have an almost 100% certainty to be hacked.