I don't think every one is lying, i just think that some people maybe misleading. Pretty much any company in the world has Intrusion Detection/Prevention Systems. lookup IDS/IPS. These are tools that track the traffic through firewalls coming and going within an environment. Like any other company, they are utilizing these types of tools to capture any malicious activity. My guess is they use these tools during the investigation to find which accounts are tied to this. Even when you first login, sometimes the system is setup to stop the connection to the server until they can investigate. Remember there are Millions of people logging in and they have a whole team through the world who's main job is to look at these malicious connections and then ban accordingly. If this was automatically happening, believe me, WAY more than 400 people would be getting banned.