-1

I recently signed up on Google Cloud and started using a few Maps APIs. Today, I got this e-mail:

From: Google Cloud Platform <[email protected]>
Sent: Friday, June 28, 2024 18:14
Subject: New Advisory Notification

Dear Google Cloud customer,
You've received an important Google Cloud notification affecting your resource, lustrous-walker-427209-h5’s Google Cloud service(s).

Notification Title: [Security Alert]: Polyfill.io Issue for Google Maps Platform users

[Button:] View Notification Details 

Sincerely, 
The Google Cloud team

I did not click on the button. I never heard of "lustrous-walker" and Googling it brought up nothing relevant. I Googled the notification title and got nothing with that title, but did see a lot of news about a "Polyfill.io" attack that has affected over 100,000 websites. I logged in to my Google Cloud account, clicked on "Console," saw the bell icon for notifications, and clicked on that. There were several notifications about my recent activity, but nothing about Polyfill.

I suspect that the e-mail is legitimate, but in case it's a spoof, I don't want to click on its button. If it is legitimate, I should have a notification somewhere in my Google Cloud portal about Polyfill. Where should I go to find that?

Improve this question
3
  • It seems to be real, there are now articles talking about this and was also covered here.
    – Bitwise DEVS
    Commented 8 hours ago
  • The email is clear a scam since it’s not your compute resource. The scammer is betting your familiar enough with the Polyfill.io exploit. If you have any doubts contact Google.
    – Ramhound
    Commented 6 hours ago
  • lustrous-walker-427209-h5 is probably your instance's default name given by Google on creation. You can change it any time in the Google Cloud console.
    – TommyZG
    Commented 2 hours ago

2 Answers 2

Reset to default
1

I’ve gotten this as well and am unable to see it in the security advisory section of the project the email mentions. However, I was able to find this notice on the maps api documentation site. I assume this is what the advisory is for. (For reference: https://developers.google.com/maps/documentation/javascript/error-messages)

Security notice: We have become aware of a security issue that may be affecting websites using specific third-party libraries (including polyfill.io). This issue can sometimes redirect visitors away from the intended website without website owner knowledge or permission. Many of our JavaScript samples previously included a polyfill.io script declaration. We have removed this from our samples. If you have used our JavaScript samples that contain this declaration, we recommend removing the declaration.

Improve this answer
New contributor
jpatters is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct.
0

Advisory Notifications are available directly in the Google Cloud console. You can view critical security and privacy events related to your Google Cloud resources.

Direct Link: https://console.cloud.google.com/security/advisorynotifications

Note: To view full details of notifications, you need to have the proper credentials and IAM permissions set up for your account.

https://cloud.google.com/advisory-notifications/docs/overview

Improve this answer
New contributor
AnilXD is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .