you got to realize that a hacker could reach into someone's account without the owner of such account exercising these security techniques. As you said, it's not impossible, and it's truly not fair for the victim of such event to not even get his account back. Yes, it was his responsibility, but no amount of security fortification could prevent a dedicated hack.
-Clo, with his views on things
Except that it is NEXT to impossible. He wasn't hacked because EVERYONE wasn't hacked. You can't really hack individual accounts. When you break into the database in search of passwords, you won't just be getting one person's information, at which point if something like this did happen, we would notify the community immediately.
For someone to have gotten his password without him knowing it either 1) wasn't strong enough to begin with or 2) he shared it. It's that simple.