bug-bounty356
xss320
google245
facebook204
microsoft192
apple136
exploit112
rce94
csrf80
writeup63
account-takeover59
browser50
defi48
bragging-post48
smart-contract47
access-control46
ethereum44
open-source42
malware42
authentication-bypass40
ssrf40
web338
privilege-escalation37
sqli35
docker35
ai-agents35
cve34
smart-contract-vulnerability33
aws33
dos32
idor30
react28
oauth28
supply-chain27
sql-injection27
clickjacking26
subdomain-takeover26
wordpress25
solidity25
denial-of-service24
api-security23
information-disclosure23
race-condition23
burp-suite22
node22
phishing21
cors21
automation21
vulnerability-disclosure20
reverse-engineering20
0
4/10
A developer's Firebase-hosted personal API was flagged as phishing and suspended without prior warning after accidentally mixing emulator and production authentication credentials during testing. The suspension lacked specific explanation, provided no recourse process, and received no response to appeals or compliance inquiries over a week.
firebase
gcp
phishing-flag
false-positive
account-suspension
vendor-lock-in
cloud-platform
authentication
credential-mismanagement
api-security
platform-risk
Google Cloud Platform
Firebase
Chris Vogt
metrics.chrisvogt.me
personal-stats-chrisvogt
Goodreads
Spotify
Instagram
Discogs
Steam
Vercel
Fly.io