This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Google Cloud Account Compromised

Posted a week ago
danherman212245
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Greetings,

I have a personal Google Cloud account that I've been working from since January.

Today, I noticed a project in the project section that I DID NOT CREATE.  When I try to access any resources in the project, it shows that I do not have permissions.  

I go to the manage resources page.  I can see the project ID but there is no project name, but it doesn't allow me to access any settings or delete the project.

My intuition tells me the account is compromised, however, I don't have much experience with GCP, so I wonder if there is an alternate explanation?

If the account is compromised is there a support channel available for assistance?  I am using a personal account, which doesn't offer support, which is why I'm posting here.

Thanks for reviewing this question.

Cheers

0 1 61
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
francislouie
Staff
Reply posted on --/--/---- --:-- AM

Hi danherman212245,

Welcome to Google Cloud Community!

There are both security-related and non-security-related explanations to consider. Here’s how to evaluate the situation:

Signs of a Potentially Compromised Account

  • Unauthorized Project Creation: A project you don’t recognize could indicate someone with access to your account created it.
  • Permission Issues: If you’re unable to manage or delete the project, it might suggest someone altered IAM (Identity and Access Management) permissions or created the project with restricted access.

Recommended Actions

1. Review Security Activity:

  • Check your Google Account’s security activity at myaccount.google.com/security for unfamiliar logins, devices, or locations.
  • Review GCP audit logs (if accessible) in the Cloud Console under “Activity” or “Logging” for unexpected actions.
  • Look at your billing account at console.cloud.google.com/billing to see if the project is linked to your billing or if there are unexpected charges.

2. If you suspect compromise, act immediately:

  • Change Your Password: Update your Google Account password at myaccount.google.com/security.
  • Enable or Verify 2-Step Verification (2FA): Ensure 2FA is active to prevent unauthorized access.
  • Sign Out All Sessions: From the security page, sign out all devices except the one you’re using.
  • Check Third-Party Access: Review apps or services with access to your Google Account under “Third-party apps with account access” and revoke any unfamiliar ones.
  • Review IAM Policies: If you regain access to the project (see below), check IAM settings to identify unrecognized users or service accounts.

3. If you confirm unauthorized activity (e.g., unfamiliar logins or billing charges), treat it as a security incident:

  • If billing is affected, use the billing support to report fraud.
  • Consider shutting down your billing account temporarily to prevent further charges, but note this may affect legitimate projects.

Lastly, If you're unable to delete or manage the project, it likely means you do not have the required IAM role—such as roles/owner or roles/resourcemanager.project.Deleter.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

0 Likes
Top Labels in this Space
Top Solution Authors
View all