I was able to recover my Rubygems account :); unfortunately my projects were all private and solo :(; I am currently looking into lawyers—if anyone has any recommendations here my inbox is open.
I have no experience with any of this but thinking thru the other side, if I'm an IT helpdesk person getting an account reset/unlock request, I have no means to validate any identity paperwork anyone sends in. My response would be a curt email accd to policy and move on to the next IT ticket.
I think the legal path is your best bet unless you know someone higher up. A legal path could bypass all the offshore IT helpdesk staff (making assumptions, MSFT is a giant mega-corp).
I haven't used Rubygems before but doesn't it allow publishing from a new repo? pypi allows updating publishing configs.
A repo fork (and maybe more so the GitHub identify fork) is definitely not ideal but if your users can get updates to their packages, maybe it's best to move forward as well as possible.
- If the most important thing is control of the Ruby gems, reach out to RubyGems.org support
- for your projects, if you have are past collaborators on those repos, they can sometimes open GH tickets referencing the project and vouch for you. Doesn't guarantee success, but adds weight
- GH (being part of MSFT) does have some channels for escalated identity verification. Lawyers or notarized ID may be needed...possibly expensive, but sometimes the only way
GH support is extremely strict on account recovery once 2FA/backup codes are gone. I wish you luck!