I have no idea, how the identity of the users could have been established otherwise - assuming that hashed and seeded passwords could not be copied from one server to another, leaving alone the fact, that none of the admins had the necessary access privileges to do that.
Imho Mediawiki hashes could be 'copied' if the new server used the same salt for the storing. Not too clean, but easy and simple. Probably the real server didn't used https :D
About authoring users, you can allow them to make a new password and then email him/ask to write in a summary a confirmation code to verify they're who they claim to be.
About your ideas to simply modify [[Wikipedia:Admin]], it would have a retroactive effect, so it's much more complex.
...Attracting pubic attention ? lol