Open MySQL and use this query.
delete FROM `user` WHERE `user_email_authenticated` is null
You may have to change the prefix to the user_email_authenticated if you have one. This quick SQL will go through an nuke any account which hasn’t beed validated.
Suggestion if you don’t run an open MediaWiki site, like I do at www.Apple2Games.com … block out registartions… add this to the LocalSettings.php file.
# Prevent new user registrations except by sysops $wgGroupPermissions['*']['createaccount'] = false;
See https://www.mediawiki.org/wiki/Manual:Preventing_access for more user restrictions.