Runway

DDoS, $98k, and a Firebase Bill: A Cautionary Tale

Posted by: Till Klampaeckel
13 May 2025
🔥🔥🔥 — opinion

Think of Reddit what you will, but it’s an interesting source of news. I’ve mostly been a reader, and recently discovered that I’ve been on the platform for 18 years — at least according to my profile. That’s probably somewhat accurate.

Anyway, I like how Reddit occasionally surfaces content from areas (subreddits) I’ve never interacted with, or only very rarely. Over the weekend, I received one of those notifications, titled: DDoS 98k Firebase Bill Guy: The Billing Support Story.

So, read the story, or don’t — here’s the TL;DR:

DDoS 98k Firebase guy

Someone built an app on Google Firebase using Google Cloud Storage (similar to Amazon S3). The app was sitting behind Cloudflare for caching and protection, but an attacker still discovered the name of one of his public buckets. That is all it takes: a public bucket can be fetched straight from Google once its name is known, so Cloudflare’s caching and protection never see that traffic, and every byte served is billed as egress. The result? $98,000 in charges.

In the fallout, he shut down his company, refunded all customers, ended up in the ER, had five-figure credit card charges declined, and deleted everything to get Google to stop billing him.

Spoiler: Google refunded him, but only after he escalated via multiple channels inside Google, on Reddit, and in other public forums. Apparently, the issue had been brewing across multiple Reddit threads for a while, long enough to make the founder literally sick.

Google vs. Everyone Else

This isn’t new. Similar stories have been posted about other providers — especially AWS. A quick search turned up another Reddit thread where people shared their cloud billing nightmares.

If you zoom in on the big three (Amazon, Azure, and Google, alphabetically), you’ll find entire companies dedicated to billing optimization. One of my evergreen AWS tips? Buy the entry-level support tier (it used to be around $40–50 a month). You get better support, and access to the billing advisor feature, which walks you through your usage and costs in plainer English.

If you’ve been around for a while, you probably know Corey Quinn aka @quinnypig, who became known for calling out Amazon’s more opaque practices and pushing for cost transparency in cloud infrastructure.

So How Do You Protect Yourself?

Honestly, I don’t care much about what the hyperscalers offer these days, so I’m not up to date on every technical safeguard. But at a minimum, if you’re exposing buckets behind a CDN, you should randomize the names. Treat that as a speed bump rather than a control, though: a bucket name is not a secret. It sits in every object URL, and once someone has it the CDN is simply bypassed. The bucket itself should be private, with the CDN fetching from it using credentials or signed requests, and the project should carry a billing budget with alerts so a runaway bill is noticed in hours rather than on the invoice (Google’s budgets alert, they don’t cap spending by themselves). Or maybe there’s a Cloudflare integration that lets you access private buckets securely?

Or better yet: use a provider that doesn’t charge you an arm and a leg for egress traffic. Google charges 12 cents/GB (USD) for internet egress, and that’s before counting the per-request charges (GET, PUT, HEAD, etc.). At that rate, $98,000 buys roughly 800 TB of traffic. These tiny billing units are part of what makes the billing so opaque. Egress pricing also creates vendor lock-in: it’s often too expensive to move your data out, or it takes a long time to break even.
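Two things from the last paragraphs are worth seeing in code: what "bypassing the CDN" looks like in a bucket’s own access logs, and how quickly egress at 12 cents/GB turns into a five-figure bill. The script below is an added example, not code from the original post or from Runway. It parses usage-log lines, flags requests whose client IP is outside the CDN’s published ranges (those reached the bucket directly), sums the bytes served to each such client, prices them at the rate quoted above, and extrapolates the observed rate to a 30-day bill. The log lines are constructed; the column order follows the Google Cloud Storage usage-log CSV layout as I remember it, and the two CDN ranges stand in for whatever your CDN actually publishes. Treat the header, the ranges, and the "GB means 2^30 bytes" billing convention as assumptions to verify against your own export and price list.

```python
"""Spot traffic that bypasses the CDN and hits a public bucket directly,
and estimate what that egress costs at the rate quoted in the post.

Added example, not from the post or from Runway. The log lines are
constructed; the column order follows the Google Cloud Storage usage-log
CSV layout as I remember it (assumption: check it against a real export).
"""
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: two illustrative CDN ranges standing in for the full list your
# CDN publishes. Anything outside these ranges reached the bucket directly.
CDN_RANGES = [ipaddress.ip_network(c) for c in ("173.245.48.0/20", "103.21.244.0/22")]

EGRESS_USD_PER_GB = 0.12          # internet egress rate quoted in the post
GB = 2 ** 30                      # assumption: Google bills "GB" as 2^30 bytes
SECONDS_PER_MONTH = 30 * 24 * 3600

# Assumption: GCS usage-log column order.
HEADER = ("time_micros,c_ip,c_ip_type,c_ip_region,cs_method,cs_uri,sc_status,"
          "cs_bytes,sc_bytes,time_taken_micros,cs_host,cs_referer,cs_user_agent,"
          "s_request_id,cs_operation,cs_bucket,cs_object")

T0 = 1_747_000_000_000_000        # constructed base timestamp (microseconds)


def _row(t_offset_s, ip, uri, sc_bytes, obj):
    """Build one constructed log line at T0 + t_offset_s seconds."""
    return (f"{T0 + t_offset_s * 1_000_000},{ip},1,,GET,{uri},200,0,{sc_bytes},"
            f"1500,storage.googleapis.com,,curl/8.0,r{t_offset_s},GET_Object,"
            f"prod-assets,{obj}")


# Constructed sample: two fetches from CDN ranges, then one client pulling a
# 50 MiB video four times straight from the bucket, plus one small direct hit.
SAMPLE_LOG = "\n".join([
    HEADER,
    _row(0,  "173.245.48.10", "/prod-assets/assets/app.js",   204_800,    "assets/app.js"),
    _row(5,  "103.21.244.5",  "/prod-assets/assets/logo.png", 51_200,     "assets/logo.png"),
    _row(10, "198.51.100.7",  "/prod-assets/video/promo.mp4", 52_428_800, "video/promo.mp4"),
    _row(20, "198.51.100.7",  "/prod-assets/video/promo.mp4", 52_428_800, "video/promo.mp4"),
    _row(30, "198.51.100.7",  "/prod-assets/video/promo.mp4", 52_428_800, "video/promo.mp4"),
    _row(40, "203.0.113.9",   "/prod-assets/assets/app.js",   1_048_576,  "assets/app.js"),
    _row(60, "198.51.100.7",  "/prod-assets/video/promo.mp4", 52_428_800, "video/promo.mp4"),
])


def parse_usage_log(text):
    """Parse a usage-log CSV (header row required) into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def is_cdn_ip(ip):
    """True if the client address falls inside one of the CDN ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_RANGES)


def bypass_report(rows, min_bytes=0):
    """Egress served to clients that did not come through the CDN.

    Returns {client_ip: {"requests": n, "bytes": b, "usd": cost}}, largest
    consumer first, dropping clients that pulled fewer than min_bytes.
    """
    per_client = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for r in rows:
        if is_cdn_ip(r["c_ip"]):
            continue                      # came via the CDN: not our problem here
        per_client[r["c_ip"]]["requests"] += 1
        per_client[r["c_ip"]]["bytes"] += int(r["sc_bytes"])
    report = {}
    for ip, s in sorted(per_client.items(), key=lambda kv: -kv[1]["bytes"]):
        if s["bytes"] < min_bytes:
            continue
        report[ip] = {**s, "usd": s["bytes"] / GB * EGRESS_USD_PER_GB}
    return report


def projected_monthly_usd(rows):
    """Extrapolate the bypass egress seen in this log window to a 30-day bill.

    A DDoS bill is a rate problem: what matters is not what this window cost
    but what it costs if nobody notices. Returns 0.0 for a zero-length window.
    """
    times = [int(r["time_micros"]) for r in rows]
    span_s = (max(times) - min(times)) / 1_000_000
    if span_s <= 0:
        return 0.0
    bypass_bytes = sum(s["bytes"] for s in bypass_report(rows).values())
    monthly_bytes = bypass_bytes / span_s * SECONDS_PER_MONTH
    return monthly_bytes / GB * EGRESS_USD_PER_GB


if __name__ == "__main__":
    rows = parse_usage_log(SAMPLE_LOG)
    for ip, s in bypass_report(rows).items():
        print(f"{ip:>15}  {s['requests']:>3} req  {s['bytes'] / GB:8.4f} GB  ${s['usd']:.4f}")
    print(f"projected 30-day bill at this rate: ${projected_monthly_usd(rows):,.2f}")
```

One client pulling a 50 MiB object every ten seconds is a trickle, yet the extrapolation already lands around a thousand dollars a month; a real flood is orders of magnitude larger, which is why the alert has to fire on the rate, not on the monthly total. In production you would feed it the real usage-log export and the CDN’s full published range list, and page when any non-CDN client crosses a bytes-per-minute threshold.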

And What About Runway?

We’ve been iterating on our pricing, too. You get monthly cost estimates — but we charge less if you use less. Simple as that.

We’ve deliberately avoided pricing models based on request counts or other granular metrics. When you look at what we offer, you should have a clear idea of what it will cost — no PhD in accounting required.

If that resonates with you, check out the pricing and get started for free — and let me know what you think.