Be part of the G Suite/Cloud Identity domain (i.e. An employee, or a student), and it wouldn't be anything unexpected.

Or the organization can be shared with them.

ezequiel.tech

displayName

I name my organization " <IMPORTANT-COMPANY>.com "

" Share it with " domain:<IMPORTANT-COMPANY>.com " (Effectively sharing it with every Google user with a @<IMPORTANT-COMPANY>.com account)

" (Effectively sharing it with every Google user with a @<IMPORTANT-COMPANY>.com account) Profit from unsuspecting users creating resources in my organization, specially billing accounts (Which can be closed, not deleted, and I can just re-open them and use them), or building projects that manage sensible information (For instance, a project that access other servers I previously had no credentials for)

@gmail.com

No organization

google.com

google.com

google.com

Picture the Google Security Team sent me: A fake organization is on top, the one below is the real one.

google.com

Timeline

Issue found and reported on November 29th, 2018

Issue quickly fixed

Reward decision delayed (Holidays)

Reward of $7500 issued on January 29th, 2019