Before 8.0, granting a privilege to a user that did not exist created the user. Since 8.0, create users with CREATE MySQL Command Syntax USER; otherwise think of GRANT and REVOKE as frontends for maintaining mysql database tables user, db, tables_priv, columns_priv.

And before 8.0, with Grant, when a raw password immediately followed IDENTIFIED BY, MySQL hashed it, saving the result; a password value preceded by the keyword PASSWORD had to have been hashed by PASSWORD(). Version 8.0 removed IDENTIFIED BY and PASSWORD().