Comment by PhilipRoman

Not an expert but I'd assume they keep track of the public IP of the device. When a site has bought this information and receives a request, they can record the link between person and account, so this needs to happen only once. On top of that you've got additional fingerprinting techniques to improve the accuracy.