Yes, I agree on that part, all data controllers, forums, etc have had to be secure, mostly that is the duty of the vendors of the forum software to ensure that their product is as water tight as possible and the duty of the site owner to regularly update in a timely fashion the site code.
HOWEVER, there is this niggling thing about IP addresses, they have never ever been a good way of identifying an individual, they could be one in a long stream of proxy addresses.
IP addresses are not long term, my ISP on my mobile changes my IP address twice a day and on every boot up, and my landline ISP changes my IP address at least once every 4 weeks and at random at least once, each time the modem reboots, the IP address changes.
Same for email addresses,
jack.jones which one is a real person, if either are a person, could be a fake user account.
IMHO the forum can easily resolve this...
Lock all profiles.
On next visit or login - user goes to edit profile.