You're aware this is how the vast majority of email providers legacy operated right? (And sadly a few still do)
E.g. in this case likely a 2 point auth system (security question and e.g. payment details (last four of latest payment meth/etc))
Seems you're shocked that a lower tier support agent can auth this kind of request when the reality for most email hosts is that they can.
They(likely a new employee) got socialed.
Yes, they should have systems in place to prevent this from being possible in the first place; no, I do not find your incredulity genuine, albeit rational.
FastMail isn't some random legacy email provider. It's a premium one that bills itself as secure. It's not some free mailbox you got with your budget domain registrar. Hence, it's reasonable to hold them to a higher standard rather than fatalistically observing that the median email provider sucks.
E.g. in this case likely a 2 point auth system (security question and e.g. payment details (last four of latest payment meth/etc))
Seems you're shocked that a lower tier support agent can auth this kind of request when the reality for most email hosts is that they can.
They(likely a new employee) got socialed.
Yes, they should have systems in place to prevent this from being possible in the first place; no, I do not find your incredulity genuine, albeit rational.