Ok, so there are many aspects to this - big corporation, single points of failure, 'improve security', steal credit cards/passwords, offline play, etc. - but there's one that stands out for me:
DDoS. It's trivially easy to send massive amounts of data at something and we have pitiful ways of mitigating it - in fact there is nothing you can do to mitigate it except buy more pipe than the attacker can fill. This is pants and isn't something the attacked companies can do anything about (except buy more pipe - which is ok if you're the size of Microsoft).
We need to start putting egress filtering in place to prevent these easy attacks. If the networks dropped all packets that didn't have a correct source IP, most DDoS would disappear as an attack (sure you'd still be able to gather lots of people/hacked machines together to instigate a DDoS but the attacker would be able to tell who they were and possibly get them fixed/cleaned for future).
The definition of a correct source IP - it's an IP address the ISP owns. It's too easy to just create packets that have a random source IP or the IP of the target. We should have fixed this aspect of the internet years ago.
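The source-address check described in the comment above, as an added example that is not part of the original post: outbound packets are forwarded only when their source address falls inside a prefix allocated to the customer port they arrived on. Checking per port is stricter than the ISP-wide rule the comment gives; the port names, prefixes and packets are constructed sample data using documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample data: prefixes a hypothetical ISP has allocated to each
# customer-facing port (RFC 5737 / RFC 3849 documentation ranges).
ALLOCATED = {
    "cust-a": ["198.51.100.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.128/25"],
}

def build_table(allocated):
    """Parse prefix strings once so every packet check is a plain membership test."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in allocated.items()}

def source_is_valid(table, port, src):
    """True only if src parses and lies inside a prefix allocated to this port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: never forward
    return any(addr.version == net.version and addr in net
               for net in table.get(port, []))

def egress_filter(table, packets):
    """Split (port, src, dst) tuples into forwarded packets and per-port drop counts."""
    forwarded, dropped = [], Counter()
    for port, src, dst in packets:
        if source_is_valid(table, port, src):
            forwarded.append((port, src, dst))
        else:
            dropped[port] += 1  # a rising count points at the port that needs cleaning up
    return forwarded, dropped

# Constructed sample traffic, all headed towards 203.0.113.5 or an IPv6 peer.
SAMPLE_PACKETS = [
    ("cust-a", "198.51.100.10", "203.0.113.5"),       # legitimate source
    ("cust-a", "203.0.113.5", "203.0.113.5"),         # source forged as the target itself
    ("cust-a", "192.0.2.77", "203.0.113.5"),          # random source outside the allocation
    ("cust-b", "198.51.100.10", "203.0.113.5"),       # another customer's address
    ("cust-a", "2001:db8:a::1", "2001:db8:ffff::1"),  # legitimate IPv6 source
    ("cust-b", "not-an-ip", "203.0.113.5"),           # malformed source field
]

if __name__ == "__main__":
    kept, drops = egress_filter(build_table(ALLOCATED), SAMPLE_PACKETS)
    print(len(kept), "forwarded;", dict(drops), "dropped")
```
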