I’m pretty sure that this is precarious action. Compromised email used with UE4 means possible threat so instead of waiting for problems they just reset passwords for such accounts. I doubt that Epic can compare leaked text/hashed password with your password and send notification only if this matches. If they did that - then it would be a real problem.
However, if email was compromised then using same email for resetting UE4 account password seems… weird to say the least.