Project suspended for 14+ days due to “abusive activity consistent with hijacking” - Case #183960404246

Hello,

My Google Cloud project has been suspended for more than 14 days, with the reason: “abusive activity consistent with hijacking.”

From what I understand, this happened because someone scraped a Gemini API key that was most likely automatically generated when I tried Firebase AI Studio. The compromised Gemini key appears to match the public client api_key from my Firebase google-services.json.

I checked Google AI Studio, found the compromised key, and deleted it. I also checked billing in Google AI Studio and did not find any unexpected charges.

However, I am unable to check billing in Google Cloud Console as suggested on the appeal page, because I cannot navigate anywhere inside the suspended project. Every page redirects me back to the appeal page.

Current status:

  • The compromised Gemini API key has been permanently deleted.

  • The Firebase API key was rotated, and a new google-services.json was added and published in a new version of the app.

  • I manually reviewed the project files to make sure there are no exposed keys or unsafe configuration files.

Project details:

  • Case number: 183960404246

  • Project ID: (PII Removed by Staff)

I would really appreciate any help, advice, or escalation from the community or the Google Cloud team. The project is still suspended, and my app users are affected because Firebase login and related cloud features are not working.

Thank you.

Hi there, I am having the same issue as of last night where I cannot access my Google Cloud Console to identify where the harmful activity is occurring without the “request an appeal” page appearing.

@kvazios How did you figure that your compromised API key came from Firebase AI Studio? I’d like to check that for myself.

Thanks all

In Google AI Studio, the name of the key was “Key 1,” and the last visible digits (in my memory) were the same as in the API key. It was created long ago, and the first AI features I tried were Firebase AI Studio and Gemini for crash analytics (but the second is free, so as far as I understand it does not require an API key).

Edit: An explanation of why I think it’s related.
Edit2: Although I may be wrong, obviously.
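
An added example, not part of any post in this thread: one way to do the two checks described above, matching a key by the trailing characters a console shows and reviewing project files for leftover copies. It assumes the `client[].api_key[].current_key` layout of google-services.json and the usual `AIza` plus 35 characters key shape; the keys and file names are constructed.

```python
import json
import re

# Google API keys: "AIza" followed by 35 URL-safe characters.
KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")

def firebase_client_keys(google_services_text):
    """Return every client[].api_key[].current_key from google-services.json."""
    doc = json.loads(google_services_text)
    return [entry["current_key"]
            for client in doc.get("client", [])
            for entry in client.get("api_key", [])
            if entry.get("current_key")]

def match_masked_suffix(keys, visible_suffix):
    """Keys ending in the characters a console shows for a masked key."""
    return [k for k in keys if k.endswith(visible_suffix)]

def find_key_occurrences(files):
    """Map each key-shaped string to the file names whose text contains it."""
    hits = {}
    for name, text in files.items():
        for key in sorted(set(KEY_RE.findall(text))):
            hits.setdefault(key, []).append(name)
    return hits

def leftover_locations(files, visible_suffix):
    """Files still containing a key whose tail matches the masked suffix."""
    hits = find_key_occurrences(files)
    return {k: hits[k] for k in match_masked_suffix(list(hits), visible_suffix)}

# Constructed sample data: fake keys and hypothetical file names.
OLD_KEY = "AIza" + "A" * 31 + "aB12"   # stands in for the deleted key
NEW_KEY = "AIza" + "B" * 31 + "Zz99"   # stands in for the rotated key
SAMPLE_FILES = {
    "app/google-services.json": json.dumps(
        {"client": [{"api_key": [{"current_key": NEW_KEY}]}]}),
    "old-build/google-services.json": json.dumps(
        {"client": [{"api_key": [{"current_key": OLD_KEY}]}]}),
    "functions/.env.example": "GEMINI_API_KEY=" + OLD_KEY + "\n",
}

if __name__ == "__main__":
    for key, names in leftover_locations(SAMPLE_FILES, "aB12").items():
        print("..." + key[-4:], "still present in", names)
```

A suffix match only narrows the candidates; confirming that two keys are the same still requires comparing the full strings.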

Thanks for your reply. I’ve made some discoveries:

  • I used the same Gemini API key for two separate Cloud Run apps
  • Both are deployed via Vercel
  • One of them has been completely shut down and the project deleted from Vercel (I suspect this is the one that triggered the “hijacking” behavior). This project can no longer be accessed online and returns a 404
  • I cannot access activity, usage, or billing logs or metrics in any capacity through Google Cloud Console.
  • However, going to Google AI Studio > Billing reveals that I have now received a $27 charge. Clearly this was the result of the hijacking
  • From there, I cannot take any action because the Billing Account associated with that API key is now disabled by Google Cloud, nor can I glean any insights into how or why that happened

As far as I am aware, there was no obvious public exposure of my API key. However, I do suspect that the recent Vercel security incident has something to do with it.

Frustratingly, I have submitted the appeal form but am not receiving email confirmation of it, nor is the appeal page disappearing or showing that I have submitted the appeal. I seem to be completely stuck out of the account.

Next Steps:

  • Contact Google Cloud support to ask for help in contesting the charge
  • Move the remaining Cloud App that was using this API key to either a new GCP project or different cloud infrastructure, along with a new API key
  • Investigate and redeploy the deleted app on different cloud infra

@kvazios - Keep me updated on what you find out. If you used Vercel, check that too.

@bearons Looks like your situation is more connected to this topic:

But I will post if I find something or receive any updates.

You’re right - I came across that post first but strangely it has been locked/closed with no solution, follow-up, or response. I intended to make a separate post until I saw you had posted this within minutes, so I figured I’d tag along here and see if we can get any solutions.

I’m mostly following to see if there is any way we will be able to glean insights into the project logs without submitting and waiting for the appeal. The appeal logic appears to also not be working so following on that.

As you mentioned @bearons, your problem started last night, and the appeal response timeline is 2 business days. I believe you will receive a response, because the first response (and the last for now) I received came in 2 business days, but it was generic: “What did you do, and why do you think this happened?”