Firebase bill is usually $50, but I was surprised to see a $70k bill in one day
Firebase billing behavior and “surprise bills”
- Firebase budgets are alerts only; they do not stop usage. Several commenters only realized this from the docs after seeing this incident.
- The official “avoid surprise bills” guidance focuses on alerts and monitoring, not hard enforcement, which many feel does little to actually prevent surprises.
- Free tiers can be hard‑limited or throttled, but once on paid plans, enforcement becomes softer and more opaque.
Hard billing caps: desirability vs difficulty
- Many want an opt‑in hard cap: on hitting a limit, services would be throttled or shut off until manual re‑enablement.
- Supporters argue even an approximate cutoff (with some overrun) is far better than a 3–4‑order‑of‑magnitude surprise.
- Others argue robust caps are technically very hard across many services:
  - Some usage (e.g., network egress) is known only with delay.
  - Enforcing per‑request checks would add latency or require complex distributed coordination.
  - “At rest” resources (storage, backups) raise questions about what to stop or delete.
- Quotas, max autoscaling, and per‑resource limits are proposed as partial mitigations.
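
An added illustration of the "approximate cutoff" argument above (not code from the thread or from Google): a handler that trips a one-way kill switch when a budget notification reports cost at or above a cap, plus a replay over constructed hourly spend showing how reporting delay becomes overrun. It assumes notifications arrive as base64-encoded JSON carrying `costAmount`, as Cloud Billing budget Pub/Sub notifications do; `disable_billing`, the spend figures and the delay are hypothetical.

```python
import base64
import json

def handle_budget_message(data_b64, hard_cap, disable_billing, state):
    """Trip a one-way kill switch when reported cost reaches hard_cap.

    disable_billing: caller-supplied action (hypothetical), e.g. detach the
    billing account or scale services to zero.
    state: dict persisted between calls; once tripped it stays tripped until
    an operator clears it (manual re-enablement).
    """
    msg = json.loads(base64.b64decode(data_b64).decode("utf-8"))
    cost = float(msg["costAmount"])
    if state.get("tripped"):
        return "already_tripped"
    if cost < hard_cap:
        return "ok"
    disable_billing(msg.get("budgetDisplayName", "unknown"), cost)
    state["tripped"] = True
    return "tripped"

def encode_notification(cost, cap):
    """Build a constructed notification payload (sample data, not a capture)."""
    body = {"budgetDisplayName": "constructed-budget", "costAmount": cost,
            "budgetAmount": cap, "currencyCode": "USD"}
    return base64.b64encode(json.dumps(body).encode("utf-8"))

def simulate(hourly_spend, report_delay_hours, hard_cap):
    """Replay hourly spend where billing data lags by report_delay_hours.

    Returns (hour the cutoff fired or None, real spend at that moment).
    """
    state, actions, cumulative, real = {}, [], [], 0.0
    for hour, spend in enumerate(hourly_spend):
        real += spend
        cumulative.append(real)
        seen = hour - report_delay_hours
        reported = cumulative[seen] if seen >= 0 else 0.0
        result = handle_budget_message(
            encode_notification(reported, hard_cap), hard_cap,
            lambda name, cost: actions.append((name, cost)), state)
        if result == "tripped":
            return hour, real
    return None, real

if __name__ == "__main__":
    # Constructed: $2/hour baseline, then a runaway at $3000/hour.
    spend = [2] * 5 + [3000] * 24
    print(simulate(spend, 0, 100), simulate(spend, 2, 100), sum(spend))
```

In the constructed replay, a two-hour reporting lag lets real spend reach $9,010 before the cutoff fires, against $72,010 with no cap at all.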
Security, misuse, and Firebase complexity
- Firebase is easy to start but “hard to master.” Misunderstood Firestore rules and billing per document processed can cause huge costs.
- It’s easy to accidentally expose data or allow malicious writes, which can generate runaway usage.
- The thread attributes this incident to storing around a petabyte in GCS in a day, possibly via a poorly controlled implementation.
Risk management: LLCs, insurance, cards
- Some advocate using LLCs per app or for hosting contracts to contain liability; others note courts can pierce the veil for fraud, negligence, or “sham” entities.
- Ideas for insurance against cloud overages are floated but widely doubted as practical or fairly priced.
- Virtual cards with low limits help contain card charges but do not erase legal liability for the debt.
Alternatives and broader incentives
- Several prefer fixed‑price VPS or simpler clouds (traditional droplets, Lightsail‑like products, Fly.io with prepaid credits, Supabase, etc.) for predictable bills.
- Some see providers’ refusal to offer caps as primarily profit‑driven; others emphasize enterprise customers’ preference for never‑down services and argue refunds for edge cases are the de facto safety valve.