Skip to content

GCP Client ID

Service Name: Google Cloud Platform

Service Description: Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, offering a wide range of services including computing, data storage, data analytics, and machine learning.

Service Address: https://cloud.google.com/

Validation Type: NHI Enriched

IP Allow list: Does not exist

Secret Access Scope: Grants access to Google APIs on behalf of a user or application. Used for OAuth 2.0 authentication flows.

Secret Revokement URL: https://console.cloud.google.com/apis/credentials

Secret Example: 123456789012-abcdefghijklmnopqrstuvwxyz123456.apps.googleusercontent.com

Suspicious Activity Investigation Instructions:

  • Check Google Cloud Console audit logs for unusual API calls or authentication attempts
  • Review the OAuth consent screen settings for unauthorized changes
  • Examine API usage metrics for unusual spikes in activity
  • Check for unauthorized redirect URIs in the client configuration
  • Review project activity for any unauthorized resource creation or access

Mitigation Instructions:

  • Navigate to the Google Cloud Console and go to the APIs & Services > Credentials section
  • Locate the compromised OAuth client ID
  • Click on the client ID to view its details
  • Click "Delete" to revoke the client ID
  • Create a new client ID with proper restrictions if needed
  • Update any applications using the old client ID with the new credentials
  • Review and update security settings for the project