I remember
Hilariousandco(Global Mod) saying that Cyrus once mentioned that account recoveries are a hectic task, and a lot of investigation is involved. These account recoveries consume a lot of time,apparently. Since only 2 people can investigate and their time is very limited, so a lot of issues just exist and nothing ever happens.
I think the process is even simpler for data-centered websites like facebook... I wonder what investigations can possibly be involved apart from checking the IP logs. IP Logs along with verification from the oldest staked address should be enough. The problem is, this process isn't automated and 2 admins have to process this stuff manually.
IP logs can be easily checked. Its literally a single button:
https://bitcointalk.org/index.php?action=help;page=profile#adminsSometimes the issue is that, the Bitcoin address that is staked, its private key is sold along with the account. If the old account holder used a VPN/TOR and the new account holder also does the same,then investigation becomes complicated.