Hello anonymous, I'm glad you like the blog.

Now, regarding the hi5 account problem: indeed, it's a problem if someone is impersonating you. But keep in mind the following. First, I'm not sure if hi5 is still vulnerable to this kind of XSS; after all, this was posted in May 2006. Also, I posted this as a proof of concept. This means I was trying to make the hi5 team fix such a problem, not for people to use what's in it to __illegally__ access user accounts, even if such access is for a ~~good~~ purpose like in your case.

My advice to you is not to start an illegal action but rather to use the hi5 abuse report system. If you access the profile of the person who is impersonating you, there will be a link called "report abuse", and you can report impersonation.

Regarding a way to find the login id, the only way I'm seeing is to access the user cookie. Hypothetically speaking, if XSS is still active and if you inject XSS on a page that the other person will visit, you'll be able to know the login id. This would be achieved mostly by adapting the JS code in the post's last example but, instead of erasing the Email cookie, you would save it. Still, this __is__ a hypothetical scenario; I don't advise you to do it, as it can be seen as access to private information (which is illegal).

If you need to discuss anything else, you can always post here or email me; you'll find my email on my profile, [pabrantes].

Thanks for visiting and posting.

My best regards,
Paulo