I enabled the Gemini API in one of my projects.
A few days ago (11th April 2026) my project was suspended due to activity consistent with Account Hijacking. There’s no evidence of any server keys being leaked.
I checked the Google Cloud billing console and saw calls to Gemini API models that we don’t call anywhere in our project, which means an unauthorized user called those models using our Firebase configuration.
I submitted a reinstatement request but the support team says they can’t reinstate the project.
Has anyone had a similar case, and how did you get it resolved?