Just read this series of articles on NetworkWorld and ComputerWorld: «Hacker leaks thousands of Hotmail passwords, says site», «Gmail, Yahoo Mail join Hotmail; passwords exposed», «Compromised Hotmail, Yahoo, Gmail accounts exploited in fake shopping scam».

I saw this idea about concealing user identity: Store and transport user identity in hash rather than in clear text. That makes it much harder for a hacker to find out a user's identity to begin with. Maybe it is time for something like that.