Hi everyone,
I’m posting here because our production infrastructure was suddenly suspended by Google Cloud due to “abusive activity consistent with hijacked resources.”
We fully understand the seriousness of security issues and want to resolve this immediately. However, we received no prior warning, and the suspension notice did not include details about which credentials or resources were involved.
We have already submitted an appeal but have not yet received a response.
This infrastructure powers a live production service used by customers. Because of the suspension, the service is currently blocked and our operations are effectively at a standstill while we wait for a response.
Our application is hosted on Vercel, which recently disclosed a security incident involving access to customer environment variables (we suspect this is the culprit).
Incident details: https://vercel.com/kb/bulletin/vercel-april-2026-security-incident
We contacted Vercel, and they confirmed that our account was not among those whose information was exposed. However, given the timing of events, we initially investigated this as a possible cause.
We are fully prepared to resolve any security issue immediately and follow best practices:
-
Rotate all service account credentials and API keys
-
Delete any unauthorized resources
-
Move all secrets to Google Secret Manager
-
Remove credentials from environment variables and deployment configurations
However, the suspension currently prevents us from completing these remediation steps.
-
Has anyone experienced a similar suspension for suspected hijacked resources?
-
What was the typical timeline for an appeal response?
-
Is there any way to escalate a case with the Google Cloud Trust & Safety team?
If anyone from the Google Cloud team happens to see this, any guidance would be greatly appreciated.