Security Question: Added to an unknown Google Cloud project without my permission

Hello everyone,

I’m new to this forum and it looks like a great community.

I’m learning about Google Cloud in my spare time. A while ago, I noticed a new, unfamiliar project in my Google Cloud Console. I don’t remember creating it, and when I tried to delete it, I discovered that I don’t have the necessary permissions.

As a security precaution, I have already removed all my personal data and credit card information from my Google account.

My main question is: How is it possible for someone I don’t know to add my account to a GCP project, especially in a way that I don’t have permission to leave or delete it? I’m trying to understand the security implications of this.

Thank you for any insights you can provide.

Someone likely added your email address to their project’s IAM settings, granting you a limited role to their project. This doesn’t require your consent and, unfortunately, without higher privileges, you cannot remove yourself. More of an annoyance than anything - the project is linked to their billing account so there is no financial risk.

Hi @adalbertobrant,

In addition to Andrew’s response, you may check both threads where the issues has been resolved just by unsubscribing to the groups they were listed in:

• URGENT - SECURITY: Mystery project in Google Cloud Platform account which I cannot delete:

  • check the list of editors and viewers for google groups (@googlegroups.com), and check if you’re a member of any of those groups. You just have to remove yourself from the groups.

• Somebody created projects on Google Cloud in my account without my knowledge:

  • As per OP: Apparently they showed up because of my account’s Google Groups subscriptions. I removed myself from all groups and the projects disappeared. I wasn’t the only one with problems removing myself from projects, as we can see on this issue and this issue, opened in Google’s issue tracker.