Index: src/wp-includes/pluggable.php
===================================================================
--- src/wp-includes/pluggable.php	(revision 32681)
+++ src/wp-includes/pluggable.php	(working copy)
@@ -1656,12 +1656,14 @@
 /**
  * Notify the blog admin of a user changing password, normally via email.
  *
+ * Notify the user of any change to their password, also via email.
+ *
  * @since 2.7.0
  *
  * @param object $user User Object
  */
 function wp_password_change_notification(&$user) {
-	// send a copy of password change notification to the admin
+	// send password change notification to the admin
 	// but check to see if it's the admin whose password we're changing, and skip this
 	if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) {
 		$message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";
@@ -1669,6 +1671,46 @@
 		// we want to reverse this for the plain text arena of emails.
 		$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
 		wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), $blogname), $message);
+
+	//send password change notification to the user
+	} else {
+		/* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
+		$email_text = __( 'Howdy ###USERNAME###,
+
+This notice is confirming you recently changed your password on ###SITENAME###.
+
+If you did not change your password, please contact the Site Administrator at
+###ADMIN_EMAIL###
+
+This email has been sent to ###EMAIL###
+
+Regards,
+All at ###SITENAME###
+###SITEURL###' );
+
+		/**
+		 * Filter the email text sent when the user's password is changed.
+		 *
+		 * The following strings have a special meaning and will get replaced dynamically:
+		 * ###USERNAME###    The current user's username.
+		 * ###ADMIN_EMAIL### The link to click on to confirm the email change.
+		 * ###EMAIL###       The new email.
+		 * ###SITENAME###    The name of the site.
+		 * ###SITEURL###     The URL to the site.
+		 *
+		 * @since 4.3
+		 *
+		 * @param string $email_text      Text in the email.
+		 */
+		$content = apply_filters( 'user_password_change_email_content', $email_text );
+
+		$content = str_replace( '###USERNAME###', $user->user_login, $content );
+		$content = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $content );
+		$content = str_replace( '###EMAIL###', $user->user_email, $content );
+		$content = str_replace( '###SITENAME###', get_option( 'blogname' ), $content );
+		$content = str_replace( '###SITEURL###', get_option( 'siteurl' ), $content );
+
+		wp_mail( $user->user_email, sprintf( __( '[%s] Notice of Password Change' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
 	}
 }
 endif;
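Review bot: The user-facing notice is attached as the `else` of the `0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) )` check, so it is sent only when the account's address equals the admin address. Every other user gets no password-change notice, which is the alert an account owner relies on to spot an unexpected change. Closing the admin branch with `}` instead of `} else {` (and dropping the now-extra closing brace) would send the user mail for every account. The new docblock also describes `###ADMIN_EMAIL###` as "The link to click on to confirm the email change" and `###EMAIL###` as "The new email", neither of which matches what the `str_replace` calls substitute here. The function begins in the previous hunk.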
Index: src/wp-includes/user.php
===================================================================
--- src/wp-includes/user.php	(revision 32681)
+++ src/wp-includes/user.php	(working copy)
@@ -2121,13 +2121,52 @@
 	// If password is changing, hash it now.
 	if ( ! empty($userdata['user_pass']) ) {
 		$plaintext_pass = $userdata['user_pass'];
-		$userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
+		$userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] );
 	}
 
-	wp_cache_delete($user[ 'user_email' ], 'useremail');
+	wp_cache_delete( $user[ 'user_email' ], 'useremail' );
 
+	if ( $user['user_email'] !== $userdata['user_email'] ) {
+		$email_text = __( 'Howdy ###USERNAME###,
+
+This notice is confirming you recently changed your email on ###SITENAME###.
+
+If you did not change your email, please contact the Site Administrator at
+###ADMIN_EMAIL###
+
+This email has been sent to ###EMAIL###
+
+Regards,
+All at ###SITENAME###
+###SITEURL###' );
+
+		/**
+		 * Filter the email text sent when the user's email is changed.
+		 *
+		 * The following strings have a special meaning and will get replaced dynamically:
+		 * ###USERNAME###    The current user's username.
+		 * ###ADMIN_EMAIL### The link to click on to confirm the email change.
+		 * ###EMAIL###       The new email.
+		 * ###SITENAME###    The name of the site.
+		 * ###SITEURL###     The URL to the site.
+		 *
+		 * @since 4.3
+		 *
+		 * @param string $email_text      Text in the email.
+		 */
+		$content = apply_filters( 'user_email_change_email_content', $email_text );
+
+		$content = str_replace( '###USERNAME###', $user->user_login, $content );
+		$content = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $content );
+		$content = str_replace( '###EMAIL###', $user->user_email, $content );
+		$content = str_replace( '###SITENAME###', get_option( 'blogname' ), $content );
+		$content = str_replace( '###SITEURL###', get_option( 'siteurl' ), $content );
+
+		wp_mail( $user['user_email'], sprintf( __( '[%s] Notice of Email Change' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
+	}
+
 	// Merge old and new fields with new fields overwriting old ones.
-	$userdata = array_merge($user, $userdata);
+	$userdata = array_merge( $user, $userdata );
 	$user_id = wp_insert_user($userdata);
 
 	// Update the cookies if the password changed.
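Review bot: Inside the new `if`, `$user` is read both as an array (`$user['user_email']`) and as an object (`$user->user_login`, `$user->user_email`). If it is the array the neighbouring lines imply, the two `str_replace` calls substitute empty values and should use `$user['user_login']` and `$user['user_email']`. The comparison also reads `$userdata['user_email']` before the `array_merge`, so an update that passes no email would apparently still send the notice; `if ( isset( $userdata['user_email'] ) && $user['user_email'] !== $userdata['user_email'] ) {` avoids that. The mail goes out before `wp_insert_user()` runs, so a failed update would still notify the old address; sending it after a successful result is presumably what is intended. The enclosing function starts and ends outside this hunk.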
