Project: harmonea-a873b (681107406442)
Billing account: 015CDD-C0C8DF-69…
Issue: Unauthorized Gemini API charges of ~CA$2,918 on or around May 3, 2026
Evidence:
- Single-day burst totalling CA$2,918 with no preceding or following usage
- Project was automatically flagged by GCP abuse detection — REINSTATE audit event at 2026-04-30T19:14:55Z (resource type abuseevent.googleapis.com/Location, action=REINSTATE)
- Zero application-level Gemini calls logged in Cloud Logging for the spike window (Cloud Run / Cloud Functions had no traffic that could account for the spend)
- The API key in scope at the time was a Firebase auto-generated Browser key (UID 970e24ea-1d3a-4116-9c87-3a2da2709c16) whose restrictions allowed firebasevertexai.googleapis.com — the likely bypass path. This restriction has now been removed and the key has been rotated.
- Tier 2 monthly cap (CA$5,000) was triggered by this single burst, pausing service for legitimate users.
Requesting: full credit/reversal of the ~CA$2,918 charge. We have
implemented mitigation: key rotation, restriction tightening, and
Secret Manager audit logging.