> They ban/lock first, ask questions later

Given the sheer volume of dodgy packets that originate from DO network space, I find this surprising.




I guess I’m not terribly surprised. It fits a narrative, not of being overly protective, but of run-of-the-mill incompetence.

Someone once used a DigitalOcean droplet to run an aggressive layer 7 denial of service attack against a service I host. I notified DO via their web form, didn’t get a reply for three days, then got told to email their abuse@ email address instead.

Dutifully, I mailed abuse@ and included the relevant server logs, gzipped, as an attachment. I got a reply that they won’t open any attachments, please copy and paste the logs directly into the email.

As an outsider, it seems to me as if they have few people with the appropriate technical background staffing their abuse department, so legitimate reports are left uninvestigated due to dumb technicalities like not being willing/able to open attachments, and bogus reports are accepted without thought or understanding as to the appropriate course of action.


They're definitely on the theater side of security. I've got locked out of my account multiple times for no reason.

Furious the second time, I sent a crafted image of an invalid ID to check if they actually even care. It seems they don't, as the account got unlocked all the same.


I think you should make a blog post with screenshots calling them out for this ridiculous hypocrisy.

On its own the blog post won't do anything, but the next time they're being overeager and shutting down a legitimate customer, you can link to that and corner them to fix their procedures.


This is the most offensive part to me, I can't even sign up or use DO without having my privacy invaded and sold (they load multiple fingerprinters from different third party vendors that also then share this data) yet they still don't have a handle on abuse.

I get so much rubbish from DO space, nonstop port scanning at absurd volumes (sometimes totaling 6 digit+ pps), from customers that haven't been removed in years. masscan/zmap from people with a fake opt out page (that I shouldn't need to be opting out of), etc.



