bug-bounty361
xss317
google241
facebook197
microsoft190
apple134
exploit105
rce93
csrf77
account-takeover60
writeup58
bragging-post53
browser48
defi48
access-control48
authentication-bypass47
smart-contract47
ethereum44
open-source42
malware42
privilege-escalation38
ssrf38
web337
sql-injection37
ai-agents35
docker34
cve33
smart-contract-vulnerability33
dos31
aws30
react28
idor28
supply-chain27
api-security26
sqli26
information-disclosure26
denial-of-service26
clickjacking25
wordpress25
solidity25
oauth25
burp-suite24
subdomain-takeover24
race-condition23
remote-code-execution22
node22
vulnerability-disclosure22
automation21
phishing21
cloudflare21
0
4/10
A developer's Firebase-hosted personal API was flagged as phishing and suspended without prior warning after accidentally mixing emulator and production authentication credentials during testing. The suspension lacked specific explanation, provided no recourse process, and received no response to appeals or compliance inquiries over a week.
firebase
gcp
phishing-flag
false-positive
account-suspension
vendor-lock-in
cloud-platform
authentication
credential-mismanagement
api-security
platform-risk
Google Cloud Platform
Firebase
Chris Vogt
metrics.chrisvogt.me
personal-stats-chrisvogt
Goodreads
Spotify
Instagram
Discogs
Steam
Vercel
Fly.io