I asked a few friends whether they'd had this happen, then looked up the popularity of their initials/names over time. Based on those numbers, it looks like there must be at least 750,000 people in the US alone who think 'Sure, that's probably my email address' on a regular basis.
Identity theft is the criminal method of assuming the identity of an unsuspecting person, usually to get credit in their name. While this is done deliberately, the comic introduces the idea of reverse identity theft: An older person with little knowledge of computers involuntarily uses another person's email address because they supposed it to be their own. Since most email addresses follow a generic pattern, they simply adapt the pattern to conform with their own name, unaware that someone with the same initial and last name already owns the address.
Most internet users face at some point the message that their desired email address is "already taken". Because email addresses must be unique and only a limited set of characters is allowed, people with common names usually add numbers to their name. The comic suggests that elder people might easily forget that they had to take, for instance,
rebeccamunroe42@gmail.comwhen they signed up. Instead, the person would tell everyone that their address wasrmunroe@gmail.com, since that follows the generic pattern and is the most intuitive assumption for them. They are in complete ignorance that the address belongs, in fact, to whomever claimed it first. In this case, the address belongs to Randall himself. (In case you're wondering, yes,rmunroe@gmail.comis Randall's email according to the xkcd blag.)The comic has Cueball call an older person, who apparently gave Cueball's email address to the phone company, which now emails Cueball the bills - this could have been avoided if said company confirmed an email address first. The person is not able to understand why this is not their email address (as it corresponds with their name) and is also very confused how Cueball got their phone number. The latter reveals a major problem of reverse identity theft: Using another person's email address for your own business matters exposes your own identity. The owner of the address could easily take advantage of the situation, leading to a scenario of regular identity theft. Fortunately, Cueball seems to be more honest; Black Hat probably would not have given any warning.
Due to the sheer mass of people online, nearly all simple nicknames are already taken; and the number of possible combinations is further diminished by services (e.g., Gmail) which ignore the dot sign altogether and does not allow the use of hyphens or underscores. This policy is designed to prevent fraud, but it forces users to add numbers or other unique identifiers to their names. Apart from the scenario addressed in the comic, another subsequent problem is the use of wrong email addresses by third parties. Someone sending sensitive personal information to the wrong recipient can just as easily expose a person's identity as the person themself.
In the end, there is no practical solution to the problems arising from the uniqueness of usernames and email addresses. Instead, it is simply the consequence of naming itself: While a name was originally intended to distinguish its bearer from a limited number of people (e.g. the rest of the village), the Internet makes it necessary to distinguish ourselves from the entire rest of the world (or at least everybody online).
Note that Gmail ignores everything behind a plus sign. Like ignoring dots, this is used as a way to create email aliases. The plus sign in the formula used in the comic should therefore considered to be only an indicator for concatenation, not a literal character in the address.