Hello everyone,
I am seeking urgent guidance regarding a GCP project suspension. My account was recently suspended, and I received an email stating that the project was engaged in abusive activity consistent with "hijacked resources."
The Situation:
- Access Denied: My production application is currently offline. Whenever I attempt to access the IAM & Admin or APIs & Services dashboard to investigate, I am automatically redirected to the suspension warning page.
- Unknown Leak: I have audited my frontend/backend/app environment variables (
.env) but haven't found any obvious exposures. - Account Lockout: Because I cannot access the IAM dashboard or Cloud Logging, I am unable to identify which credential is being abused or delete the compromised keys.
- Appeal Status: I submitted an appeal over a week ago, but I have not received a response, and my production app remains affected.
My Questions:
- Is there a way to access Cloud Logging or Security Command Center via the SDK or a restricted console view while the project is suspended to identify the source of the abuse (e.g., specific IP addresses or hijacked keys)?
- Can I programmatically revoke all existing API keys via
gcloudor a similar tool if the web console is locked? - Are there specific channels to escalate an appeal when the suspension is caused by a hijacked resource rather than a policy violation?
Any advice on how to regain enough access to rotate my credentials and secure the project would be greatly appreciated.
