It would certainly be hard by both luck and CPU/storage power to do this.
If you found a collision and a private key, that would do you no good since you would have to peg an account out of the
541,638,008,296,341,754,635,824,011,376,225,346,986,572,413,939,634,062,667,808,768 possible combinations of people using accounts.
So look at it two-fold. I find a collision in the hash and I find the private key. Now I have to hope my odds are that someone else is using that hash. Since there are more possible hash account numbers than every person every born on this planet and was each using a million addresses, the attack by it's own nature, while interesting, just isn't really feasible on a large scale.