Right. Though if someone really wants to know, I might consider manually giving them their logs after verifying that their account doesn't look hacked.
That's a nice way IMO because if you provide IP logs manually then its going to be much safer for the real user of that account. Hackers will not be able to verify themselve manually for sure.