I agree with your last post. It's not hard to make a forum more secure. I've seen exchanges that give you layers and layers of things you have to do to change a password, starting from a 4-digit PIN number, then an email confirmation, and ending with a 2FA code. Only after you pass all three are you able to change your account details. This forum doesn't have all that because back when it was made nobody even thought of accounts being worth over $200 and people managing advertising and sales campaigns from their accounts.
I'm pretty sure that if a staff member's account was hacked, the recovery wouldn't take more than a day.

Absolutely right.
In fact, there is not even a need for a PIN number or 2FA.
Just an email confirmation that the original user really intends to change anything, including changing to a new email, would still do very well.
I am sure those involved in the daily operation of this forum should already know this, and they cannot plead ignorance.