Netlify billing horror story

Today, a user on Reddit, claimed that they got a $104k Netlify bill for their static site, after their free plan site was DDoSed. They also claimed that support only discounted their bill to $5000.

Can this really happen? If so, is there a way to prevent getting charged on a free plan? Ideally, Netlify should have an option to disable free plan websites, in case the free plan limits are reached.

If not, I will have to move all my Netlify sites somewhere else. I can’t risk going into potential debt for a personal website that gets ~100 visitors per month.

Edit: The CEO of Netlify responded on hackernews:

Netlify CEO here.
Our support team has reached out to the user from the thread to let them know they’re not getting charged for this.
It’s currently our policy to not shut down free sites during traffic spikes that doesn’t match attack patterns, but instead forgiving any bills from legitimate mistakes after the fact.
Apologies that this didn’t come through in the initial support reply.

My question is: Would Netlify forgive the bill if this story didn’t go viral?

I can’t trust Netlify until their free plan is “safe” to use without risking going into debt.

I would like to know too. If there’s no option implemented to set a cost cap or automatically 503 the sites once the limit is reached and something like this can happen we will have to migrate our sites to a different hoster.

I’m worried as well.

Hello, all. We are aware of and deeply sorry for how this recent situation has impacted some of our users. As a company we are deeply committed to both making this right and ensuring that it never happens again. I’m linking our official stance below, but please don’t hesitate to email Support (support@netlify.com) if you want to discuss your account. We are here to help. Thank you.