I agree with your last post. It's not hard to make forum more secure. I've seen exchanges that give you layers and layers of things you have to do to change a password starting from a 4 digit pin number, then an email confirmation and ending with a 2fa code. Only after you pass all three you are able to change your account details. This forum doesn't have all that because back when it was made nobody even thought of accounts being worth over $200 and people managing advertising and sales campaigns from their accounts.
I'm pretty sure that if a staff member's account was hacked the recovery wouldn't take more than a day