Discourse is a complex program with a lot of options, hard to learn and know all of them. On deep investigation what I thought was two accounts being hacked was in fact a normal, but obscure function of Discourse, in which, for security reasons, admin account emails are invalidated after a year, and simply need to be re-validated. This is so as to purge defunct administrators and so on. I was unaware of this, and it looked like the site had been broken into, even though that it is impossible with the strong cryptographic passwords I set for admins (consequently this was a mystery until I learned the cause).
So it turns out to be my ignorance of this function, and we have not been hacked. This is a relief. I apologise for the noise.