- Improvement
- Resolution: Fixed
- Major
- None
- 2.5
- MOODLE_25_STABLE
Sometimes two or more sites share the same token (it's not permitted by core code and it's forbidden to do it). It happens when:
- a developer copies their test site into their production site (or the opposite). Sites like test.mymoodle.com and www.mymoodle.com often have the same token.
- hosting services install multiple sites with the same token.
=> they end up overwriting each other's information on the hub each time they update their information.
Because sites update their registration every 7 days, we could limit manual registration updates to 3 per 28 days.
If the hub/MOOCH detects that a site has been changed more than 7 times in the last 28 days, it would mean that the token is being used by at least two different sites.
Then the hub could safely mark the token as stolen. These sites would need to re-register.
Note that the hub can alert only one site of the problem, as this site overwrote the information of the previous ones. However, we could add some code on the site to detect that the token is marked as stolen (during the cron update, the web service call could return a string). Then the site will send an email to its administrator and also report the problem in the notifications.
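
The detection rule proposed above, sketched as an added example; it is not Moodle hub code, and the class name, method name and returned status strings are assumptions. It keeps a 28-day sliding window per token, refuses a fourth manual update, and flags the token once more than 7 updates land in the window.

```php
<?php
// Added illustration, not Moodle hub code. All names and status strings are hypothetical.
final class TokenUpdateMonitor
{
    const WINDOW = 28 * 86400;   // 28 days, in seconds
    const MAX_MANUAL = 3;        // manual updates accepted per window
    const MAX_UPDATES = 7;       // more than this per window => token treated as shared

    private $updates = [];       // token => list of [timestamp, isManual]
    private $stolen = [];        // token => true once flagged

    /** Returns 'ok', 'manual_limit' or 'stolen'; the calling site acts on the string. */
    public function recordUpdate(string $token, int $now, bool $manual): string
    {
        if (isset($this->stolen[$token])) {
            return 'stolen';     // stays flagged until the site re-registers
        }
        // Keep only updates inside the half-open window (now - 28 days, now].
        $recent = array_values(array_filter(
            $this->updates[$token] ?? [],
            function (array $u) use ($now) { return $u[0] > $now - self::WINDOW; }
        ));
        $manualCount = count(array_filter($recent, function (array $u) { return $u[1]; }));
        if ($manual && $manualCount >= self::MAX_MANUAL) {
            $this->updates[$token] = $recent;
            return 'manual_limit';   // refused, so it is not counted as a change
        }
        $recent[] = [$now, $manual];
        $this->updates[$token] = $recent;
        if (count($recent) > self::MAX_UPDATES) {
            $this->stolen[$token] = true;
            return 'stolen';
        }
        return 'ok';
    }
}

// Constructed scenario: a production site and its copy share one token,
// and each sends its automatic registration update every 7 days.
$monitor = new TokenUpdateMonitor();
$day = 86400;
$token = 'constructed-token-0001';   // placeholder value
for ($d = 0; $d <= 21; $d += 7) {
    echo "day $d prod: ", $monitor->recordUpdate($token, $d * $day, false), "\n";
    echo "day $d copy: ", $monitor->recordUpdate($token, $d * $day + 3600, false), "\n";
}
```

In this scenario the eighth update inside the window, from the copy on day 21, is the first call that returns the stolen status, and every later call with that token returns it too, which is the string a site's cron update would check for.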