How can you protect yourself against this kind of attack? What can cloud providers change to mitigate such attacks?

What will be an ideal response?

Some ways to protect oneself are to use fake or disposable information whenever possible; limit the providers you share information with; limit, to the extent possible, the overlapping information between accounts. Cloud providers can stop asking users for any information they don’t strictly need. They can also use other mechanisms to verify users that are more difficult for attackers to learn, guess, or steal, such as ones that prove your identity more directly (e.g., showing a valid driver’s license to a trusted party).