Login

u/Far_Loquat_349

▲ 41 r/googlecloud+3 crossposts

I woke up to a financial nightmare this morning and I am still piecing it together.😭

I started a small hobby project called Zuzu Club on Google AI Studio. Nothing fancy. Just experimenting with the Gemini API. My spend cap was set to ₹5,000 (which I can afford). I thought I was safe. I was not.

Somehow, ₹39,316.69 got billed in a single month. Most of it, ₹35,340, happened in a single 24-hour window on Apr 25-26. (Prolly API key compromised, still awaiting the full picture)

Then it got worse.

On Apr 27, two charges of ₹15,000 each hit my Visa credit card without any approval from me. No OTP. No confirmation. Just gone. ₹30,000 out of my account in two transactions. 😢

And then Google suspended my entire GCP account, citing "abusive activities violating Google's policies."

Here is the part that makes my head spin. Google's own systems detected the abuse and shut down my account on Apr 26. The unauthorized card charges came through on Apr 27, one day after Google had already confirmed something was wrong. So Google knew, and the billing kept going anyway.

What I have done so far:

  • Called my bank immediately. Card blocked. Fraud investigation opened.
  • Deleted all API keys
  • Checked Logs and Datasets. Logging was never enabled, so there is zero local record of what ran
  • Submitted the GCP account restriction appeal. Google says 2 business days.
  • Filed a separate billing support ticket for the refund

The spend cap is labeled "Experimental" in Google AI Studio. I did not know that meant Google could blow past it entirely. Did you?

This whole experience raises a question I cannot shake. Is Google AI Studio actually trustworthy for individual developers and small projects? A spend cap that is labeled "Experimental" and can be blown past entirely. No hard billing limits. No OTP or approval required for threshold charges on a linked credit card. Logging disabled by default, so when something goes wrong you have zero evidence. And when Google's own systems detect abuse, the billing continues anyway for another 24 hours.

Does Google truly understand the security implications of putting API keys in the hands of everyday users without bulletproof safeguards around them? Because right now it feels like the infrastructure was built for enterprise teams with dedicated security monitoring, not for someone running a small personal project.

And now? I am genuinely scared to use Google AI Studio again. A tool I was excited about has turned into something that drained ₹39K from my account, hit my credit card twice without asking, and left me chasing appeals and bank investigations. That trust is gone. 🥺

My questions for anyone who has survived this:

  1. Has Google actually refunded charges from compromised API key abuse? Or do they just restore the account and call it done?
  2. Is there any way to reach a real human at Google Cloud billing faster than the 2 business day appeal window?
  3. Should I push the bank chargeback hard in parallel, or does that hurt my Google appeal?
  4. Am I missing anything?
  5. Will I ever feel safe using Google AI Studio again?

This is a scary situation and any help from people who have been through it is genuinely appreciated. 🙏

u/Far_Loquat_349 — 24 days ago
▲ 4 r/websitefeedback+1 crossposts

Hey everyone,

Sharing my side project here for some real feedback.

What it does: You land on the page and you're instantly connected to another person. No account, no login, no signup required. One click and you're talking to someone. That's the whole thing.

The audience is people who just need to talk but find every other option too heavy or complicated.

What I genuinely want feedback on:

  • Does the landing page tell you what it is within the first few seconds?
  • Does the minimal design feel intentional or just unfinished?
  • Does the no account approach feel like a feature or does it feel untrustworthy?
  • What is the first thing that would make you leave without trying it?

I deliberately stripped back every feature that wasn't essential. Trying to find out if that reads as clean and focused or just bare.

Not here for compliments. Here for the honest stuff that helps me make it better.

Let me know your thoughts in the comments or feel free to DM me.

zuzu.club
u/Far_Loquat_349 — 2 days ago
▲ 1 r/ideavalidation

Genuinely want to stress test this idea before I go deeper.

The premise is simple. Most people have moments where they need to talk to someone but every option available feels like too much effort. Signing up somewhere feels heavy. Calling a friend means context and history. Professional help feels like a big commitment for what might just be a bad Tuesday.

So the idea is this. You open a page and choose one of the two options & you're instantly connected to another person. No account. No profile. No login. Just two people talking.

I've been building a version of this and have gotten some early positive signals. But I want to know if the core idea actually holds up.

A few things I want honest opinions on:

  • Does anonymity feel like a feature or does it make the whole thing feel unsafe?
  • Would you use something like this yourself or recommend it to someone you know?
  • What's the version of this that already exists that I should be worried about?
  • What's the one thing that would make this actually worth using over just texting someone?

Not looking for validation. Looking for the gaps people see that I might be too close to notice.

What do you think?

reddit.com
u/Far_Loquat_349 — 24 days ago