by markaius 3267 days ago
[Deleted]
3 comments

That's a valuable perspective. How do you propose they prevent social engineering of their staff while meeting this goal?
Please delete your comment.

I am incredibly happy that Digital Ocean made you go to those lengths to get your account back. The last thing we need is web services companies requiring less security. Social engineering attacks are typically the method of entry to hosting providers such as Digital Ocean.

Frankly I would be totally fine if they required another form of ID (such as a passport) or another form of address/name verification (such as a utility bill). Or perhaps even a picture of the card on file.

What is NOT okay is a lack of response, which this article is describing.

Didn't you have backup codes or a backup phone number? Bearing in mind I have no idea how 2FA for DO works, all services where I'm using 2FA have these options. Although I've yet to fall into a similar situation, I imagine that it should turn out fine thanks to these options.