After a few days of checking every foreseeable aspect of this case (email, private keys, synced browser passwords, secret questions and what not, seem to have been compromised at some point), we've come to the conclusion that the hacking extent is way to big to determine the ownership correctly so it will be better if the account remains locked indefinitely.