In a troubling incident, developer Charles Jones reported that his Google Cloud account racked up charges exceeding $11,000 in a 48-hour period from June 7 to 8, primarily linked to the use of Gemini image-generation models. Jones, who operates programmatic SEO and insurance websites, stated that he does not engage in any activities that would generate AI images.
Account Suspension and Charges
Google suspended Jones’s account, citing “abusive activity consistent with hijacked resources.” The company attributed the issue to a compromised firebase-adminsdk service account key. After the suspension, Jones reported his concerns to Google and took steps to secure his account, including disabling the service account and revoking the compromised key.
Billing Disputes and Customer Responsibility
Despite these actions, the Google Cloud billing team has consistently refused to waive the charges. This situation is not isolated; similar complaints regarding unauthorized charges due to API key compromises have emerged from other Google Cloud users. For instance, a developer in Vietnam reported losses exceeding $82,000 due to a compromised API key earlier this year.
Concerns Over Security Practices
Jones expressed frustration over the lack of transparency regarding how the service account key was compromised. He noted that he was the sole user of the virtual machine (VM) where the key was stored and believed he had adhered to Google’s recommended security practices. He questioned the effectiveness of Google’s Shared Responsibility Model, which places the onus of security on the customer, given that Google had not provided evidence of any security failure on his part.
Google’s Spending Cap Limitations
Additionally, Google has not made a general mechanism available to cap spending on Google Cloud services. While it introduced Spend Caps for certain services, these are still in private preview and not widely accessible. Other cost-limiting features, such as API-specific usage limits and Budget Alerts, do not prevent charges from exceeding set thresholds. Jones highlighted that the existing measures do not adequately protect users from unexpected financial liabilities resulting from account compromises.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








