Google Cloud Logging, Google Pub/Sub, and Google Storage Transfer Service are exposed to the same bucket name hijacking architectural vulnerability documented by Unit 42: pipeline destination services bind to bucket names rather than stable resource identifiers, meaning deletion of a Cloud Storage bucket followed by re-registration of the same name in a different GCP account is sufficient to redirect ongoing data streams. The storage.buckets.delete permission, commonly held by service accounts and developer identities, is the only capability required to execute this attack.