If you have plausible reasons that a user’s email is compromised which in turn has resulted in their discourse account being compromised, You can as an administrator change their email and remove the old email.
You can simply mark an account as deactivated which will force a re-verification of email and essentially nuke all existing sessions.