This is actually an old issue of many domain registrars, as well as nameserver-hosting companies. They are extremely vulnerable to phishing and other attacks, because their customer support can unilaterally do whatever you convince them to do. And it turns out that often they don't take any convincing! I have gotten domains transferred and nameservers changed many times over the years with zero documentation. Which means cyber criminals can do it to you too.

Too bad there's nothing we can do about it. It's up to the corporation to decide how they want to deal with this; if they screw you over, there's no consequences to them. You could try to sue them, but that would take years to unravel (if you even win), and meanwhile your online business is shut down.

We could introduce regulatory codes, like a software building code, or an internet infrastructure code, to prevent these kinds of things from happening, with a faster recourse if it does, inspections to ensure it is being done well, and fines if it's not. But that sounds like a lot of work; I'm sure companies have our best interests at heart! Let's keep everything exactly as it is.

This wasn’t a phishing attack. Did you read the article?