bug-bounty361
xss319
google242
facebook201
microsoft192
apple135
exploit110
rce94
csrf79
writeup61
account-takeover60
browser50
bragging-post50
defi48
smart-contract47
access-control46
ethereum44
authentication-bypass43
malware42
open-source42
ssrf39
privilege-escalation38
web338
ai-agents35
docker35
cve34
smart-contract-vulnerability33
aws33
sql-injection32
dos32
sqli30
idor29
oauth28
react28
supply-chain27
api-security26
information-disclosure25
wordpress25
solidity25
subdomain-takeover25
clickjacking25
denial-of-service25
race-condition23
burp-suite23
remote-code-execution22
node22
cloudflare21
phishing21
vulnerability-disclosure21
automation21
0
4/10
A developer's Firebase-hosted personal API was flagged as phishing and suspended without prior warning after accidentally mixing emulator and production authentication credentials during testing. The suspension lacked specific explanation, provided no recourse process, and received no response to appeals or compliance inquiries over a week.
firebase
gcp
phishing-flag
false-positive
account-suspension
vendor-lock-in
cloud-platform
authentication
credential-mismanagement
api-security
platform-risk
Google Cloud Platform
Firebase
Chris Vogt
metrics.chrisvogt.me
personal-stats-chrisvogt
Goodreads
Spotify
Instagram
Discogs
Steam
Vercel
Fly.io