I don't think the account could possibly be transferred to you. The passwords should be encrypted therefore you can never find out the original passwords of the scammers.
Pretty sure admins can change someone's password without knowing their original password.
I guess they could manually do it through their database. Assuming they hash the password with salt multiple times, they would probably have to manually do this. Unless the passwords are stored in plaintext...