we used to be able to catch multis by comparing account data, but security improvements made that less viable after we fixed our password storage handling
i should research if there is still a way to compare value without knowing them, and use it was a way to flag potential multis for review