Charles Jones faces $11,089.77 charges after Google warned him of hijacked credentials
A 48-hour Gemini-image surge followed a warning about a compromised firebase-adminsdk key, but refunds were denied.

Solo developer Charles Jones says Google Cloud warned him his service account key was compromised and suspended his account, then still charged him $11,089.77 for 48 hours of activity. For decision-makers, the case spotlights how Google Cloud spending controls and shared responsibility can leave customers holding the bag during account hijacks.
On June 7 and 8, solo developer Charles Jones says his Google Cloud account racked up $11,089.77 in charges, with most related to Gemini image-generation models, even though he claims he has no workflow that generates AI images. Jones told The Register he received a suspension notification that said his account “was engaged in abusive activity consistent with hijacked resources,” attributing the root cause to a compromised firebase-adminsdk service account key.
He did what Google asked. Jones says he reported his concerns, then disabled the service account and revoked the key after the suspension notice advised him to do so if he believed the account was compromised by a third party. The Google Cloud billing team, however, has repeatedly refused to forgive the charges, even though Jones says he followed Google’s recommended security steps and he says he was the only person who had access to the VM where the compromised key resided.
That combination, warning plus suspension on one side, refusal to refund on the other, is what makes the story stick. In practice, it is a high-friction test of Google Cloud’s “Shared Responsibility Model” for security. Jones argues that shared responsibility is being used in a way that assumes a customer security failure that Google has never actually demonstrated. He points to the gap between Google’s Trust & Safety alert, which was quick to notify him about a compromised service account key, and what he says he was not given: “no route, anywhere, to see HOW or WHERE that key was actually exposed,” with “no trace, no log path, no forensic detail offered.”
Jones’ central complaint is not just about money, it is about evidence. He says he cannot find a way to verify how a single-access VM produced a leaked service account key. Then he is left in a position where, according to his account, the burden shifts back to him to prove he secured something Google itself cannot or will not show him how it failed. The Register asked Google twice why it would deny a refund and what evidence supports that decision, and says it did not hear back.
If you are an operator, founder, or investor trying to get your arms around cloud risk, this is also a pattern you should recognize. The source notes that complaints about charges arising from fraudulent API key usage among Google Cloud customers are not uncommon. It cites a February claim from a developer based in Vietnam who said a compromised Google Cloud API key resulted in more than $82,000 in charges over 48 hours. It also points to a similar report claiming more than $10,000 in fraudulent charges that surfaced on Reddit a month later. That suggests this is less a one-off billing misunderstanding and more a recurring edge case in how cloud providers handle credential compromise and subsequent billing.
Why does this matter beyond one developer’s pain? Because the industry incentives are stacked in ways that do not always align with customer expectations during fraud events. When credentials are hijacked, the system that detects abuse may act quickly, but the financial reconciliation may still default to the customer’s liability for unauthorized usage. Jones’ case underlines a key tension: even if the card-issuing bank reverses a charge as fraudulent, Google may still choose to hold developers liable for unauthorized charges. That means “fraud protection” in banking does not necessarily protect cloud budgets.
There is also an important mismatch between what customers might assume about spending limits and what Google says it currently provides. The source explains that Google has not publicly released a mechanism to cap Google Cloud spending. Spend Caps exist for certain services as a private preview but are not generally available. It also clarifies why other controls can fail to behave like a true project-wide budget cap: API-specific usage limits are “not designed to act as a project-wide spending cap,” and Budget Alerts “don’t automatically prevent the use or billing of your services when the budget amount or threshold rules are met or exceeded.”
Google’s workaround, according to the source, is to use Budget Alert notifications to disable cloud billing. But it warns that doing so means “resources might be irretrievably deleted.” That is not just a technical caveat, it is an operational tradeoff: you are choosing between limiting financial exposure and risking data or service loss. The source adds that in March Google introduced project spend caps for the Gemini API as an experimental feature, while also saying spend caps have a 10-minute delay, with customers responsible for spending during that period. Even then, Google’s system “now automatically upgrades you to the next [usage] tier as your usage grows and your payment history matures,” and higher tiers raise spending caps, making the concept of “cap” feel more like a moving target.
Zoom out and the strategic stake becomes clear. If a cloud provider’s security notifications do not come with customer-accessible forensic detail, and if billing appeals do not require a demonstrated customer negligence or an auditable trail that customers can inspect, then executives cannot treat incident response and spend governance as separate workstreams. They are the same workstream, just with different owners. For boards and finance teams, these cases argue for tightening internal controls around credentials, budgets, and incident escalation, because even with suspensions and security guidance in place, the financial consequences may still not be forgiven.
And for peers building on Gemini or any high-throughput model API, the message is straightforward. You can have strong intent and still be exposed to rapid charge accumulation within the same 48-hour window, especially when billing controls are delayed, tier-dependent, or not designed as hard project-wide caps. In Jones’ story, Google warned him his credentials were hijacked and suspended his account, but his charges were not reversed. For decision-makers, that is the headline you should not skim past, because the next $11,089.77 may be someone else’s account, but the governance question will land on the same desks.
This story's Key Insights and Take-aways are locked.
Create a free account to unlock Executive Actions for one credit.
Register to UnlockAlways free for Executives Club members. Join the Club
More in Technology

June 12 export order sidelined Claude Fable 5, but 2/3 of enterprises already hedged
New VentureBeat Pulse Research finds 51% blended open and closed and 16% moved core workflows off closed APIs.

Sotheby's auctions Jensen Huang's Tom Ford jacket for $40,000-$60,000 starting July 7
Nvidia's CEO turned icon. The sale funds The Edge Institute, with verified wear at Taipei's Hon Hai Tech Day.

Ben Collins’ Onion wants to officially take over Infowars, and Alex Jones is furious
The satire outlet is pushing for control while launching a new show to roast “conspiratorial brain rot.” Here’s what changes.

