
Production Firebase project suspended 13 days for suspected credential exposure — no evidence of abuse, seeking guidance on appeal timing

  • June 3, 2026

creatorconnect

Hi all,

Looking for advice from anyone who has navigated a "Hijacked Resource" suspension or has insight into typical Trust & Safety appeal timelines.

TL;DR: Production Firebase project (live consumer app) was suspended on May 21 for suspected credential compromise. I had unintentionally committed service account keys to a private repo (months ago) and it has only been pulled by 2 developers. Despite this exposure, my audit logs show no abusive activity, no foreign IP usage, and total billing for the month was about $1.99. I responded to the Trust & Safety follow-up on May 25 with a full remediation report. 13 days in, still no response. Console is locked behind the appeal screen.

What I've done:

  • Revoked all user-managed keys on affected service accounts via gcloud CLI (only SYSTEM_MANAGED keys remain)
  • Deleted exposed Gemini API keys in AI Studio
  • Purged credentials from version control history
  • Rotated third-party keys (payment processor and others in progress)
  • Reviewed 120 days of Admin Activity audit logs — no unauthorized principals, no unfamiliar IPs, no unauthorized resource creation
  • Drafted org policy to disable SA key creation and moved secrets to Secret Manager

What I'm trying to figure out:

  1. Has anyone seen a "Hijacked Resource" appeal take this long when there's no evidence of actual abuse in the logs?
  2. Is there a way to regain limited console access (specifically IAM and APIs & Services) to complete credential rotation while the appeal is pending? Right now I'm locked behind the appeal screen and can't fully audit/rotate from the UI.
  3. I may have hurt my case by submitting multiple appeals on May 21 as I discovered new information — has anyone seen this affect review timelines?
  4. Any guidance on appropriate escalation paths I haven't tried? I've filed a support case and a billing support case in addition to the appeals.

Business impact: This project supports a live music streaming app with active creators. Today is the 1st of the month and creators can't request payout through the suspended dashboard. Looking at manual payout processes in parallel, but reinstatement would obviously be the cleanest resolution.

Happy to share the full appeal response privately if anyone with Google contacts can help route this. Project ID available on request.

Thanks for any guidance.
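
The audit-log review described in the post above (unauthorized principals, unfamiliar IPs, unauthorized resource creation) can be made repeatable so the result can be attached to an appeal. This is an added example, not part of the original thread: it assumes the log was exported as a JSON array of Cloud Audit Logs `LogEntry` objects, and the allowlists and sample entries are constructed. Sensitive methods are reported even for known principals so a person confirms each one.

```python
import ipaddress
import json

# Constructed allowlists: replace with your own developers, CI accounts and egress ranges.
KNOWN_PRINCIPALS = {"dev1@example.com", "ci@example-project.iam.gserviceaccount.com"}
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
# methodName fragments that mint keys, change IAM or create compute.
SENSITIVE = ("CreateServiceAccountKey", "SetIamPolicy", "instances.insert")

def review_entry(entry):
    """Return the reasons one audit LogEntry needs a human look (empty list = clean)."""
    payload = entry.get("protoPayload", {})
    principal = payload.get("authenticationInfo", {}).get("principalEmail", "")
    caller_ip = payload.get("requestMetadata", {}).get("callerIp", "")
    method = payload.get("methodName", "")
    reasons = []
    if principal not in KNOWN_PRINCIPALS:
        reasons.append("unknown principal")
    try:
        addr = ipaddress.ip_address(caller_ip)
        if not any(addr in net for net in KNOWN_NETWORKS):
            reasons.append("unfamiliar IP")
    except ValueError:
        # callerIp may be missing or a label rather than an address; do not skip it.
        reasons.append("callerIp not an address")
    if any(fragment in method for fragment in SENSITIVE):
        reasons.append("sensitive method")
    return reasons

def review_log(json_text):
    """Map insertId -> reasons for every entry in a JSON array that is not clean."""
    findings = {}
    for entry in json.loads(json_text):
        reasons = review_entry(entry)
        if reasons:
            findings[entry.get("insertId", "<no id>")] = reasons
    return findings

def make_entry(insert_id, principal, ip, method):  # builds the constructed samples
    return {"insertId": insert_id, "protoPayload": {
        "authenticationInfo": {"principalEmail": principal},
        "requestMetadata": {"callerIp": ip}, "methodName": method}}

SAMPLE_LOG = json.dumps([  # constructed entries, not taken from the post
    make_entry("a1", "dev1@example.com", "203.0.113.10", "google.iam.admin.v1.DeleteServiceAccountKey"),
    make_entry("b2", "someone@example.net", "198.51.100.7", "google.iam.admin.v1.CreateServiceAccountKey"),
    make_entry("c3", "ci@example-project.iam.gserviceaccount.com", "gce-internal-ip", "v1.compute.instances.insert"),
])

if __name__ == "__main__":
    for insert_id, reasons in review_log(SAMPLE_LOG).items():
        print(insert_id, "->", ", ".join(reasons))
```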

2 replies

a_aleinikov
  • Bronze 1
  • June 5, 2026

Hi, sorry to hear about the impact. I don’t have visibility into Google Trust & Safety timelines, but from what you described, you already covered the most important remediation steps: revoked exposed keys, removed credentials from source control, rotated secrets, reviewed audit logs, and prepared preventive controls.

I would suggest keeping one main appeal/support case updated with a clear remediation summary, evidence of key revocation, audit log review results, and the current business impact. Submitting multiple new appeals may make tracking harder, so continuing in the existing case is probably cleaner.

For limited access while the project is suspended, support would likely need to confirm what is possible. If CLI access still works for some operations, include what you already completed there and what remains blocked by the suspension. Hope someone from Google can help route or review the case.


creatorconnect

@a_aleinikov I responded to the appeal case automated email I received on May 25th, letting them know the details of what has been done. If I shared the appeal case with you, could you look into it? I also started a support case through my organization because I was locked out of everything in the specific project, and they basically told me I have to wait for a manual check… Thanks for your reply. As you can imagine, this is truly urgent.