Ability to log in with former email address after change
Having just been the victim of an account hack on Discord, I'd recommend being able to log in with, and having email duplicated to, former email addresses for 48h or so after the email address has been updated.
If an attacker changes the registered email address, there seems to be no way to regain control of the account; this seems crazy.
You'd save thousands of staff hours chasing hacking issues if users could regain access to their accounts and be able to change passwords back.
Email addresses can also be changed with no verification; this also feels like an oversight.
edit: typo