Steps to reproduce (on a wikifarm with some single sign-on systems that uses autocreation, such as CentralAuth):
- create accounts A and B
- logged in as A, go to a wiki where B has no local account
- without logging out first, log in as B
The AbuseFilter log event will be attributed to user A and the account name variable will be B, exposing the fact that the two accounts are owned by the same user.
Log record example: http://en.wikipedia.beta.wmflabs.org/wiki/Special:AbuseLog/27870