Somebody created projects on Google Cloud in my account without my knowledge

Solution 1:

NOTE: This answer is anecdotal, but still probably relevant.

I encountered a similar issue a little over a year ago. It turns out there's a bug somewhere in Google's systems: if you are a member of any Google Groups, other members' projects show up in your project listings. Since you don't actually get any access permissions to those projects, Google did not consider it a security issue when I reported it and decided no action was necessary.

You can check which groups you're subscribed to here: https://groups.google.com/my-groups; and leaving them should automatically remove the projects from your project listings.

Originally posted as a comment.

Solution 2:

When I access Google Cloud, I see some projects that I haven't created.

Seeing projects does not mean your account created them. Someone may have given you access to those projects. Find out what rights you have to those projects with this command:

gcloud projects get-iam-policy <YOUR GCLOUD PROJECT ID> \
--flatten="bindings[].members" \
--format='table(bindings.role)' \
--filter="bindings.members:<YOUR EMAIL ADDRESS>"

To find out who has what roles in each project (look for the owner role):

gcloud projects get-iam-policy <YOUR GCLOUD PROJECT ID>

One key item is if these projects are part of an organization. If so, what role s do you have at the organization level. With the correct roles, you can grant any rights you want to each project.

The next step is to find out if your billing account is assigned to any of these projects:

gcloud beta billing accounts list

Make note of the ACCOUNT_ID for the next command:

gcloud alpha billing projects list ACCOUNT_ID

If your billing account is being used fraudulently, remove the payment instrument (credit/debit card) from the billing account, remove their access to your billing account and then contact Google Cloud Billing Support.