Most active commenters
  • DANmode(7)
  • ibejoeb(3)

Ask HN: What in the world is going on at Supabase?

57 points DANmode | 18 comments | 16 Oct 25 19:24 UTC | HN request time: 1.23s | source | bottom

Raising more money, but can't reply to vital support/security inquiries?

Like the final request of mine below, asking them to save their own resources, because someone was spinning up fake trials or something using my company's domain:

"Please cancel these signups, they're fraud." Hide quoted text

---------- Forwarded message --------- From: Supabase Auth <noreply@mail.app.supabase.io> Date: Sat, Jul 12, 2025, 5:15 PM Subject: Confirm Your Signup To: <employee@***.com>

Confirm your signup Follow this link to confirm your user:

Confirm your mail

You're receiving this email because you signed up for an application powered by Supabase Opt out of these emails Hi there,

Thanks for reaching out to us. We have received your support request and your ticket id is SU-223879

Free plan will receive no guaranteed support response - we try to respond to outage related issues asap however Pro and Enterprise tickets take priority. Upgrade here.

For non-outage related issues, Free plan users are encouraged to ask their questions inside our GitHub Discussions https://github.com/supabase/supabase/discussions.

The Supabase Team.

Me: This is a pretty bad smell for this to still be unanswered and ongoing.

Your "Opt-Out" link remains broken - how is anyone supposed to get in touch with you?!

2-3 months go by: Hey,

For security reasons, we’re not able to process requests submitted by email. Please resubmit your request through the Support Portal so we can verify project ownership.

If your request falls into one of these categories, here’s how to proceed: If your issue is related to login access and this ticket was closed in error, just reply to this email and we’ll reopen it For account deletion, you can remove your account directly in your Supabase dashboard For the latest DPA, visit the Legal Documents page To report a security issue, please submit it through our HackerOne program

Thanks for your understanding, Supabase Support Team Website • Docs • Community • Twitter • Status Sent from Front

"Wow...I'm not a customer.

Months later, this is still unresolved?"

1. ◴[16 Oct 25 20:01 UTC] No.45610020[source]
2. DANmode ◴[16 Oct 25 21:27 UTC] No.45610873[source]
I want to underline the fact that I am not a client, nor has my firm ever registered with them, so this is a security/fraud correspondence...not customer service.

Emails to support@, info@ etc multiple TLDs, all ignored for months...

3. dontdoxxme ◴[16 Oct 25 22:02 UTC] No.45611228[source]
The sad fact is investors don’t care about abuse. Provided the company aren’t deliberately faking customers there is no incentive to spend any resources on a free trial other than looking for customers to convert.
4. cadamsdotcom ◴[16 Oct 25 22:27 UTC] No.45611447[source]
Sympathy to you for these woes.

While this sucks, your best bet is to vote with your wallet, find a way to act as though they don't exist, and leave them to their own devices.

replies(1): >>45620615 #
5. AznHisoka ◴[17 Oct 25 03:34 UTC] No.45613092[source]
They also never mailed me free t-shirt for completing their State of Startups survey a few months back
6. csomar ◴[17 Oct 25 05:32 UTC] No.45613590[source]
They are squeezing the free tier hard to monetize. It never made sense in the first place (they don't have their own servers, they host on AWS). It probably cost them something like $10-15/free customer. That's as bad or worst than many of the AI startup burning money to acquire customers. Also the free tier is good for most people, so why pay up?

I got my DB paused a few times despite it being active (the irony is that I have an inactive DB that was not affected).

7. gelfunde ◴[17 Oct 25 08:30 UTC] No.45614442[source]
I would differentiate between a bad customer service, that answers too late and doesn’t think outside the box versus their product. As a customer I am actually pretty happy with what I’m getting, but apparently this will only remain true as long as I don’t need to contact anyone. I guess they think they don’t need good customer support if the product is good enough for no one to complain.
8. lucasknight ◴[17 Oct 25 15:44 UTC] No.45618056[source]
supabase supabase supabase

@kiwicopple - given you have keyword notifications set up on here [0], between this and your current AWS situation, this is not a good look

[0] https://news.ycombinator.com/item?id=42223240

replies(1): >>45620704 #
9. patricktttt4 ◴[17 Oct 25 16:10 UTC] No.45618376[source]
Nobody is going to see this. They are a Y Combinator and claim to have Hacker News locked down.
replies(1): >>45620612 #
10. ibejoeb ◴[17 Oct 25 16:29 UTC] No.45618638[source]
Here's how I'm interpreting this:

    1. your company owns example.com
    2. someone signs up to supabase with alice@example.com
    3. you receive the confirmation email somehow (which probably isn't important)
       a. either the email address is valid, 
       b. it is delivered some catch-all mailbox
    4. you email supabase support notifying them that someone is signing up with an address that your company controls
Is that right? If so, I don't think this is some kind of vital security event. The confirmation email won't be delivered to the purported bad actor, so the account won't verify.
replies(1): >>45620602 #
11. DANmode ◴[17 Oct 25 18:59 UTC] No.45620602[source]
It really depends what's being done with their services during the trial period by someone claiming to be example.com!

(I have no way to know what's possible, or what the spoof accounts are doing - I've never registered with them! Just trying to give a courtesy heads up so they can take a look at bad actors on their platform...)

replies(1): >>45620724 #
12. DANmode ◴[17 Oct 25 19:00 UTC] No.45620612[source]
Plenty "saw it". Really only needed one person to see it...

They claim that? Where?

13. DANmode ◴[17 Oct 25 19:00 UTC] No.45620615[source]
I mean, I was already doing that!

I'm not a client, no relationship with them.

14. DANmode ◴[17 Oct 25 19:06 UTC] No.45620704[source]
...what's the AWS situation?
15. ibejoeb ◴[17 Oct 25 19:08 UTC] No.45620724{3}[source]
You can't use the services until you confirm the account via email. When you sign up, you provide and email address, and the you're presented with this:

"You've successfully signed up. Please check your email to confirm your account before signing in to the Supabase dashboard. The confirmation link expires in 10 minutes."

If you attempt to sign in before verifying, you'll see:

"Account has not been verified, please check the link sent to your email"

So nothing is going to happen. This is probably a bot probing for accounts. The system is operating as intended. No cause for concern.

----

One more bit: when you receive the initial account email, you'll find a note at the bottom confirming the intention:

"If you didn't request for this, you can safely ignore this email."

replies(1): >>45622690 #
16. DANmode ◴[17 Oct 25 22:06 UTC] No.45622690{4}[source]
Familiar with botting etc - no, there was NOT a message saying it was safe to ignore it if I didn’t request it.

The Opt out of these emails link was the end of their email.

Unless they’ve changed this since this ordeal began for me on July 12th, this is still a problem.

replies(1): >>45622792 #
17. ibejoeb ◴[17 Oct 25 22:17 UTC] No.45622792{5}[source]
We must be talking about different things, then.

They're active on discord, so maybe bring it up there: https://discord.com/invite/AYybku5cUz