Does make me think that there should be regulations about support to prevent this sort of thing though. Maybe at the very least there should be a mandated reason for banning/deleting an account and an appeal process with an actual person on the other end. Yes people might use it to figure out how to 'abuse' the system. But that's life. We don't hide the laws so the only way people know what's legal and what isn't is to get arrested for breaking them.

I do wonder what the solution to number 3 is though. Feels like an issue with services using Google login, not Google itself. If you registered with an email and that domain expired, someone could also reset the password for much the same effect. Short of Slack and the like asking you some sort of security question upon logging in each time, I'm not sure what a good solution would be to fix this sort of flaw.

I lost access to literally nothing! SSO binds your email address as the primary account idenitifier in all known to me services. Does not matter what IDP you use to “sign in with”.

I find this twitter thread misleading. Unless the affected account was using @gmail.com as their primary identity.

Buy a domain and set up email on custom domain. backup emails periodically outside of the provider to be able to switch easy if needed. Same applies to other data stored in SAAS of any kind. This is the rule of thumb if the risk of losing access to tour primary IDP is critical.

Assess the risk and act accordingly.