Don't forget about social engineering. Tell your support team to never give out passwords over phone. Build a password reset into site and get your support team to point users to that.
Most data breaches are by employees - lock your systems down.
Get your site pen tested.
Plus everything already said.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.