This isn't broken, it's just a misunderstand about how FC ranks works.
There's only two FC ranks. Master and not-master. You can divvy up privileges among different ranks but if you give one promotion or demotion allowance, they can go above and below their number designation, because to anyone who isn't the FC master, they are equals.
Again, while it's caused problems, the system is working as intended.

As for you getting hacked, be wary of suspicious twitch streams I guess. It's apparently becoming much more common, a friend of mine who I thought was a lot more smart about these things had it happen to him and his FC last week. Something like 40 million gil gone in a drunken stupor. The problem with the way these work is that even a one-time password authentication can't stop them. You're putting your info, OTP included, into a not-SE website, which just automatically attempts the info into the game client on the hackers computer. And after that it's too late.
At least, that's going to be my educated guess in how that all happened due to the severity of the number of issues these Twitch streams with fake links have been popping up more recently.