It looks like there was a new addition to the security log at roughly March 23, 2017, 12:26:24 AM GMT that alerts people to when someone accesses their account after a long period of inactivity. This appears both in the security log and on a user's trust profile (presumably for at least 30 days).
My main question is, what are the criteria for this to show up?
It looks like this will show up, even if you have changed your password since the May 2015 hack. I would point out that it is not entirely unusual for someone to take several months being away from the forum for whatever reason and to come back. With this being said however, it would be more unusual for someone to have not changed their password after the forum was hacked in May 2015 if they had any intention of ever coming back, especially about 22 months after the fact, and especially considering the widespread attention and publicity that this hack got.
As a result of the above, I would propose to display some additional/different warning when an account "wakes up" (as per the above criteria) AND has not changed their password since the May 2015 hack.
At a minimum, this should be a different warning message on a user's trust profile, and a different entry in the security log.
I am not sure how difficult this would be to code and implement, however a scrub of all posts made by users who have not yet changed their passwords since the May 2015 hack that contain what could be considered a bitcoin address could be done, and users could be prevented from editing/deleting those posts. If the legitimate owner of an account comes back and wishes to edit/delete one of these posts (and would otherwise be able to do so, e.g. no hidden scammer tag), they could sign a message from one of the addresses posted -- I don't think admin intervention would be necessary in these cases because users already have access to their accounts, I think it might even be safe to 'unrestrict' these posts by submitting the signature to a specific message requested by an automated form.
Another option would be to have OldScammerTag leave negative trust whenever someone meets the above criteria of waking up their account and having not changed their password since the May 2015 hack. This negative rating could be removed after a signed message is provided, or after xxx number of days from when a user disputes the negative rating publicly -- in the latter case, the rating could be changed to a neutral.
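The post scrub proposed above could look roughly like this. It is an added example, not part of the original post and not the forum's own code. The record layout, the `BREACH_CUTOFF` date and the sample accounts and posts are assumptions constructed for illustration, and only legacy Base58Check addresses (starting with 1 or 3) are recognised.

```python
import hashlib
import re
from datetime import datetime, timezone

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Anything that looks like a legacy address; the checksum decides if it is one.
CANDIDATE = re.compile(r"\b[13][%s]{25,34}\b" % B58)
# Assumption: passwords set before this date count as "not changed since the hack".
BREACH_CUTOFF = datetime(2015, 6, 1, tzinfo=timezone.utc)

def is_valid_address(addr):
    """Base58Check-validate a legacy P2PKH/P2SH address string."""
    if not addr or any(c not in B58 for c in addr):
        return False
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    try:
        raw = n.to_bytes(25, "big")  # 1 version byte + 20 hash bytes + 4 checksum
    except OverflowError:
        return False
    # Each leading '1' encodes exactly one leading zero byte.
    if len(addr) - len(addr.lstrip("1")) != len(raw) - len(raw.lstrip(b"\0")):
        return False
    payload, checksum = raw[:21], raw[21:]
    if payload[0] not in (0x00, 0x05):  # P2PKH / P2SH version bytes
        return False
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum

def posts_to_restrict(accounts, posts):
    """Ids of posts to lock: author's password predates the cutoff and
    the body contains at least one checksum-valid address."""
    stale = {a["user"] for a in accounts if a["password_changed"] < BREACH_CUTOFF}
    return [p["id"] for p in posts
            if p["user"] in stale
            and any(is_valid_address(m) for m in CANDIDATE.findall(p["body"]))]

# Constructed sample data (not real forum records).
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"  # well-known genesis block address
ACCOUNTS = [
    {"user": "alice", "password_changed": datetime(2014, 3, 1, tzinfo=timezone.utc)},
    {"user": "bob", "password_changed": datetime(2016, 1, 9, tzinfo=timezone.utc)},
]
POSTS = [
    {"id": 1, "user": "alice", "body": "Send payment to " + GENESIS + " please."},
    {"id": 2, "user": "alice", "body": "Typo address: " + GENESIS[:-1] + "b"},
    {"id": 3, "user": "bob", "body": "My address is " + GENESIS},
    {"id": 4, "user": "alice", "body": "No address in this one."},
]

if __name__ == "__main__":
    print(posts_to_restrict(ACCOUNTS, POSTS))
```

Checking the Base58Check checksum rather than matching on the pattern alone keeps mistyped or random strings from locking a post, and it ensures the locked posts contain an address the returning owner could actually sign a message from.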