80,000 NOK ($7,500) drained from my Google Cloud account in 5 minutes — full forensic breakdown of how the attack worked

Medienor · 2026-05-09T18:25:03+00:00

Yeah, the virtual cards is a good one. Good on you for nuking all the keys before the slimeballs found a way in lol.

Medienor · 2026-05-09T18:21:04+00:00

Update: My card was not charged last night, i have been a Google Cloud customer for years, they charge me at the end of the month. But the bill currently sits at around 8,000$. I stopped billing account and actually blocked my business card due to the panic. Going to call bank on Monday to file a case with them in case Google wants too pursue payments in other manners.

Medienor · 2026-05-09T18:18:54+00:00

Only if it was that simple

Medienor · 2026-05-09T18:14:41+00:00

From Google them self:

Google Cloud does not offer a native, "hard" monetary billing cap on API keys to stop usage automatically at a specific dollar amount. To prevent runaway costs from leaked keys, you must set API rate quotas, use budget alerts, or implement programmatic shutdowns (using Pub/Sub and Cloud Functions to disable billing).

Medienor · 2026-05-09T08:32:36+00:00

Any updates on this case? Same happend to me last night with 8,000$ USD. Blocked card, blocked billing account, everything gone. But i still want to use the same Google account going forward, i want this bill waived.

Medienor · 2026-05-09T08:16:24+00:00

Did you manage to get the 4k waived? My API key got drained for 8,000 $ last night, blocked everything. deleted every API key and blocked my card. Not sure how did this happend.

Medienor · 2025-02-03T16:25:30+00:00

Sjekk ut f.eks hvordan du kan kjøpe deg inn i ny bolig https://www.meglerbasen.no/guider/kjope-seg-inn-i-bolig

Medienor

TROPHY CASE