No Confirmation or Notification During Email Change, Which Can Lead to Account Takeover
Medium
Vulnerability Details
Hi Team,
I have noticed that when a user changes his email through the account settings, the user doesn't get any notification or confirmation for changing the email from xxxx to yyyyy. If a user keeps his/her account logged in on a PC, cafe or college system, then an attacker can change his/her email to their own mail and can take over the victim's account.
Scenario:
1. I changed my email1 to email2 through the profile.
2. Signed out of the account and tried to log in using email1.
3. It failed, and when I used email2 it worked.
Similarly, a user can change his/her password to take over the account.
Please let me know if any help is needed.
Thanks and regards,
Kiddie..!!
Refer Ticket: #280304
#62827
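One way to close the gap the report describes, as an added example that is not code from the affected application: the change is only staged until a token sent to the new address is confirmed, the current password is re-checked so a hijacked session alone is not enough, and the old address is notified at both steps. Names, the in-memory model and the mail log are all assumptions standing in for a real user store and mail service.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed in-memory model; a real system would use a database and SMTP.
@dataclass
class User:
    email: str
    password_hash: str
    pending_email: Optional[str] = None
    pending_token_hash: Optional[str] = None
    pending_expires: float = 0.0

sent_mail: list = []  # (recipient, subject) pairs, standing in for outbound mail

def _hash(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()

def request_email_change(user: User, current_password: str, new_email: str, now: float) -> str:
    # 1. Re-authenticate: a still-logged-in session must not be sufficient.
    if not hmac.compare_digest(_hash(current_password), user.password_hash):
        raise PermissionError("re-authentication failed")
    # 2. Stage the change; the account keeps its old address until confirmed.
    token = secrets.token_urlsafe(32)
    user.pending_email = new_email
    user.pending_token_hash = _hash(token)
    user.pending_expires = now + 3600  # one-hour window
    # 3. Confirmation link goes to the NEW address, a notice to the OLD one.
    sent_mail.append((new_email, "Confirm your new email address"))
    sent_mail.append((user.email, "An email address change was requested"))
    return token  # returned only so a caller/test can simulate the link click

def confirm_email_change(user: User, token: str, now: float) -> bool:
    # Reject when nothing is pending, the window has expired, or the token is wrong.
    if user.pending_email is None or user.pending_token_hash is None:
        return False
    if now > user.pending_expires:
        return False
    if not hmac.compare_digest(_hash(token), user.pending_token_hash):
        return False
    old_email = user.email
    user.email = user.pending_email
    user.pending_email = None
    user.pending_token_hash = None
    # The previous address learns the change actually happened.
    sent_mail.append((old_email, "Your email address was changed"))
    return True
```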
Report Stats
- Report ID: 282572
- State: Closed
- Substate: duplicate
- Upvotes: 1