Urgent – Google Cloud Project Suspended (ACCOUNT_HIJACKED) – Business Impact

I have the exact same issue. Still no reply to the appeal after 2 weeks.

Wondering if there’s an alternative to get the application up and running again? Perhaps creating a new account, export everything from firebase etc., to the new account. 

Short D+8 update — and one practical suggestion addressing Fernando's "new-account export" question.

@vince5959 @fernandoredondo — I'm a third owner caught in the same pattern, sharing my D+8 status and a narrower sub-request that may be directly useful for Fernando's question.

Where I am at D+8:

- Suspended 2026-04-16 (revents-29bba, AI Nomusa — a Korean labor-law compliance platform).

- Appeals: April 16 (initial), April 18 (supplementary), April 22 (comprehensive consolidated — 23 remediation actions completed, root cause identified as an accidental .gitignore edit overwrite, no account compromise, zero anomalous charges during the exposure window).

- April 22: separate Korean-language complaint filed with Google Korea 국내대리인 (the legally designated local representative under Korean ICT Act Article 32-5, which carries a statutory response obligation in Korea).

- Today (D+8) I received a brief follow-up asking for additional information on remediation and project behaviors, and replied in-thread with a direct summary of my April 22 submission (English + Korean translation).

No restoration decision yet.

On Fernando's "2 weeks no reply / alternative route" question:

Fernando — you asked whether there is an alternative route like creating a new account and exporting from Firebase. I went down exactly this path, and I want to flag something practical for anyone else considering it:

With a CONSUMER_SUSPENDED project, every data API (Firestore, Cloud Storage, RTDB, even Firestore PITR clone to a different project) returns an authentication error, so a standard user-side export is not possible. Firebase Troubleshooter also required a paid Standard support plan with an Organization, which is unavailable to sole-developer projects.

The only mechanism I found that could plausibly work is to ask Google directly, as part of the appeal, for read-only data access or a one-time data export, to be processed in parallel with — and strictly before — the final restoration decision. I framed it as a narrow sub-request: no compute reactivation, no new attack surface, purely a data-preservation mechanism for the suspended project's Firestore / Cloud Storage / RTDB contents.

My specific justification was statutory third-party harm: my project provides digital pay stubs that are legally required under Korean Labor Standards Act Article 48 (administrative fines up to ₩5,000,000 per worker per violation), and the April payroll cycle in Korea ends on April 25 / 30. If you or @vince5959 have similar third-party-harm context (employees, customers, regulators, other statutory timers), stating it explicitly alongside the primary appeal seems to be the one mechanism that doesn't rely on restoration happening first.

I don't know yet whether Google will grant this sub-request — I'll report back either way.

Why I'm posting this publicly:

The more of us who keep our cases visible here, the harder it is for any single suspension to quietly turn into a multi-week or multi-month invisible wait. If you received a similar brief follow-up recently, consider replying here too — the pattern matters.

I'll post another update when there's a substantive response, or at D+14 if not.

— @freya0207

Unfortunately, I still have no updates regarding case #70327888…

My business is completely at a standstill, and I have had no response from technical support.

I regularly contact the billing support team, but there is very little they can do on their end…

I truly hope the project can be reactivated today—my business depends on it. Every day I receive complaints from my clients, requests for cancellations, and PayPal disputes because my app is no longer accessible.

At this point, I really don’t know what else to do… it’s very frustrating not to have any timeline or response from them. You truly feel powerless. It feels like years of work are falling apart :(

Hi Vincent,

Sorry to hear this. Since the project was suspended for ACCOUNT_HIJACKED, only Google Cloud Support can safely restore access or guide recovery.

Please keep updating case 70327888 and clearly mention that your app is down, clients are affected, and you cannot access the project to revoke keys or secure it. Also provide proof of ownership, billing details, project ID, and the steps you already took, such as stopping billing.

Avoid sharing sensitive details publicly here. Hopefully Support can review and restore limited access so you can secure the project.

Im facing the same problem, my project has been suspended for 3 weeks now, it is so frustrating and years of work for a dog community app is slowly vanishing. SO frustrating and I feel so helpless.

Case-id: [removed by moderator]

Hello ​@vince5959 

May I ask where you created your support case? I would love to do the same thing since I still haven’t received an answer to my appeal and have no way in getting contact with anyone in order to escalate it.

My fear is that I will receive an answer to the appeal, then I will answer in turn, and have to wait another 3 weeks for a response to that, etc.

​@fernandoredondo 

The support case was created by the Google team when they suspended my account during the attack. I’ve been replying directly in that case.

This happened last Saturday, and the Safety team contacted me today. I really hope my account will be reactivated today. 🙏🏻🙏🏻🙏🏻🙏🏻🙏🏻🙏🏻🙏🏻🙏🏻🙏🏻

​@vince5959 

Do you mean that you replied to the “appeal recieved” email that Google sent you — is that the support case?

Hello ​@vince5959 

How fast after you replied to the safety team email did your account got reactivated? 

​@fernandoredondo 

The following day. Now everything is back in order for me, and I’ve applied all the security measures to my account.
I hope everything will get back to normal quickly on your side.🙏

​@vince5959 

Good to hear. I have my hopes up that my issue will get resolved this week... And all your data was still intact, firestore etc?

We are also facing this same issue for 21 days!

have no clue what to do next!

everyday billing team support just ask for another 2-3 days

Same here, my project have been suspended this morning.

My app is down, clients complaining. 
Seems like it’s the gemini credentials that have been compromised. even if i have set a limit of 10€ :( 

Please if you have any advice on how to recover firebase data let us know 

Is the issue solved?

Hello Guys yesterday i woke up to the suspension email, and today it’s resolved.

Here is what i understood : 

• Some api key (not the .json service account ) is by definition exposed for auth / firebase interacation
• Once gemini api is enabled, it’s granted access
• Someone managed to get the key and used it intensively  (cost me 20€)
• I have a website, android mobile app, can’t tell where the issue happened

What i did next :

• Using gcloud terminal list all credentials created and delete the ones that are not relevant
• For the others rotate the keys 
• Most important in ai studio add a limit 
• Disable gemini api 
• Fill the appeal form with details about all what you just did before… 

Now it’s time to start thinking about blue/green  deployment :)) 

Great to hear that it was resolved ​@abdou_qaima_app 

In my case, according to Google Support the problem was that Gemini API had been misused by an unknown person to generate a lot of images. I disabled the Gemini API, revoked the API keys of course and the issue is now resolved. I’ve heard that from more users that the issue is in fact Gemini API in most cases - so if you have that activated, please make sure that you disable it ASAP. 

Same thing happened to us today. Our account got suspended for ‘hijacked resources.’
When we investigated, we found a huge spike in usage for the Nano Banana 2 model. The weird part is — our app doesn’t use any image models at all, and we don’t even have image generation functionality anywhere in the app.

We already blocked all image models yesterday, but today we still received the suspension email.

We’re only using gemini-flash-latest, and we’re using the Firebase AI SDK, which auto-generates the API setup. Honestly, we have no idea what’s going on.

same issue here, 13 days.

I am facing the same problem. My project was suspended a week ago and I still have not received any clear response.

The worst part is that I do not have access to the Google Cloud Console, so I cannot revoke or delete the compromised API keys myself.

This is extremely frustrating and upsetting, because all of my Firebase data and services are suspended because of an API key issue. In my opinion, the compromised key should be suspended or revoked, not the entire project.

I am seriously considering migrating my data to other database providers because of this experience.