In Google Cloud, you can assign admin, billing, etc. to a Google group.
Years ago I made a Google group for Google Cloud administration.
A company in Spain, a bunch of startups, etc. have added that Google group (by accident) as an IAM user with varying levels of roles attached.
I now have billing access to one account, admin access to another, and can just hop into the database of at least two of the accounts.
I try to reach out to Google support, but because I don’t have “business” or “enterprise” level support I can’t even submit a ticket.
I’m trying to let them know but can’t: they don’t do chat, no phone number, even billing contact is an automated chatbot only.
GCloud should have like an “emergency reach out to a person” link or something.
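Added example, not part of the original thread: a project owner can catch this kind of accidental grant by auditing the project's IAM policy for `group:` and `user:` members outside the organization's own domains. The sketch below reads policy JSON in the shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`; the sample policy, the domain names and the high-risk role list are constructed assumptions.

```python
import json

# Illustrative subset of roles granting broad control, billing or data access.
HIGH_RISK_PREFIXES = ("roles/owner", "roles/editor", "roles/billing.",
                      "roles/cloudsql.", "roles/resourcemanager.")

def external_principals(policy, trusted_domains):
    """Return sorted (member, role, high_risk) tuples for user/group
    members whose e-mail domain is not in trusted_domains."""
    trusted = {d.lower() for d in trusted_domains}
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            kind, _, ident = member.partition(":")
            if kind not in ("group", "user"):
                continue  # serviceAccount:, domain:, deleted: need separate review
            domain = ident.rpartition("@")[2].lower()
            if domain not in trusted:
                findings.append((member, role,
                                 role.startswith(HIGH_RISK_PREFIXES)))
    return sorted(findings)

# Constructed sample policy (not taken from any real project).
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:alice@example.com",
                 "group:gcp-admins@googlegroups.com"]},
    {"role": "roles/billing.admin",
     "members": ["group:gcp-admins@googlegroups.com"]},
    {"role": "roles/viewer",
     "members": ["group:devs@example.com",
                 "group:partners@example.org",
                 "serviceAccount:ci@demo-project.iam.gserviceaccount.com"]},
    {"role": "roles/cloudsql.client",
     "members": ["user:contractor@example.net"]}
  ]
}
""")

if __name__ == "__main__":
    for member, role, risky in external_principals(SAMPLE_POLICY, ["example.com"]):
        print(("HIGH " if risky else "low  ") + f"{member} -> {role}")
```

A group address typed from memory looks valid to the IAM API as long as the group exists, so a periodic check like this is what surfaces a look-alike group owned by someone else.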
I submitted a ticket to the support team advising them in painstaking detail the steps needed to reproduce this vulnerability. They could also look at my account and see that I got stuff without paying.
A couple days later I got a reply from a support manager that my concern wasn’t valid and there was no bug.
The next week I happened to be at a conference where the company in question was a sponsor. So, I visited their booth and spoke with the VP of Eng. He asked me to forward the ticket to security@. Within 8 hours I got a reply from them saying that they had fixed the bug.
I guess I’m saying that even if Google let you submit a support ticket it might get ignored because they aren’t trained to deal with security reports.