
Honestly, if you try it, you will find it doesn't really work this way. A lot of heuristics are used for recovery, many of which are not visible to the outside for security reasons. Also, data recovery is never possible because of the use of zero-access encryption.


Protonmail's customer service agent CCed my recovery email (me) in the email thread where the attacker was social engineering them. And the attacker was successful until I had to reply to the email chain myself to tell them to stop.

And yes, signing up to Home Depot's email newsletter and other services so that they could tell the customer service agent "my last few emails were from Home Depot and ..." was successful against their customer support system. That's just how amazing it is.

Finally, I don't expect the social media guy running protonmail's HN account to give us much insight into protonmail's customer support security issues, but if you're going to show up, I would've at least expected you to forward my email somewhere for follow-up.


Just providing the information on the most recent correspondents is never enough to provide access to a Proton account. Please share your support ticket number with us so we can see what happened exactly.


Thank you. Is there any way you can share the exact things you do or provide when you are forced by a court order to give data about someone?


You can learn more in our Privacy Policy: https://proton.me/legal/privacy and Transparency Report: https://proton.me/legal/transparency.



