[limitedsupply]

Look, I totally agree with you: this situation is everyone’s worst nightmare. I wish Apple has responded in a more reasonable and timely way.

Saying that, I can see how by limiting their involvement they are reducing the risk surface. To address issues like that (and there is, of course, a huge spectrum of account hijacking situations) they would need to train an army of international support representatives who would have the authority to overwrite iCloud ownership - an incredibly questionable power. They would need to be able to validate various documents (e.g. US military ID or some obscure residence permit in Japan), be able to verify photos (which with recent ML advancements is becoming increasingly difficult), make phone and video calls to verify identify, and so much more. In turn, these representatives would become vulnerable to social engineering attacks themselves. If they overwrite ownership for a very sensitive account - who would ever trust Apple again?

It’s basically one of the major principles of cryptographic products: it’s safer for them (and, to be honest, for everyone) to deny giving access to one account, then jeopardize trust in the entire company.

I hope Apple will be able to help you through some process - maybe it takes longer than it should have. Good luck!