https://haris.pm/tags/firebase/Recent content in Firebase on Haris Ali - Product Human from the MaldivesHugo -- gohugo.ioen-gbFri, 03 Apr 2026 00:00:00 +0000https://haris.pm/posts/nobody-checks-your-user-count-before-scanning-for-vulnerabilities/Fri, 03 Apr 2026 00:00:00 +0000https://haris.pm/posts/nobody-checks-your-user-count-before-scanning-for-vulnerabilities/<p>It started with a $10 charge from Google Cloud on my bank statement. That might not sound like much, but Google Cloud usually costs me less than a dollar a month. There was no reason for it to spike.</p> <p>A few days earlier, I&rsquo;d received an email from a security researcher, asking if <a href="https://fastbooks.app">Fastbooks</a> had a vulnerability disclosure or bug bounty program. It was polite, professional — the kind of email you&rsquo;d expect from someone doing this the right way. I replied honestly: Fastbooks is a weekend project with no revenue, no bounty program, and the best I could offer was an acknowledgement on the website if he found something worth reporting.</p>