Dev stunned by $82K Gemini API key bill after theft
"I am in a state of shock and panic right now. During that time, unknown miscreants used the key to spend $82,314.44, primarily on Gemini 3 Pro Image and Gemini 3 Pro Text. This is quite a cost jump, considering the three-developer Mexico-based company usually spends $180 a month. This was about a 46,000 percent increase."
"A Google representative allegedly cited the company's shared responsibility model - Google secures its platform and users must secure their own tools - and said the Chocolate Factory had to charge the developer for the unauthorized API costs. This really worries me. If Google attempts to enforce even a third of this amount, our company goes bankrupt."
"With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account. Truffle Security researchers scanned millions of websites and found 2,863 live Google API keys that now also authenticate to Gemini, thus giving attackers access to sensitive data, and allowing them to rack up unauthorized charges on someone else's account."
A Mexico-based startup experienced a catastrophic security breach when their Google Cloud API key was compromised, resulting in $82,314 in unauthorized charges for Gemini API usage within 48 hours—a 46,000 percent increase from their typical $180 monthly spending. After securing the compromised key and implementing security measures, the developer contacted Google support but was denied relief. Google cited its shared responsibility model, stating users must secure their own credentials and must pay for unauthorized usage. The developer expressed severe concern that enforcing even partial charges could bankrupt the struggling company. Security researchers discovered thousands of exposed Google API keys across websites that now authenticate to Gemini, enabling attackers to access sensitive data and incur charges on compromised accounts.
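The website scan described above, reframed from the defender's side as an added example (not code from the article, the developer, or Truffle Security): it flags Google-API-key-shaped tokens in fetched page content or source files, records whether the same document references the Gemini API host, and reports each hit with the key redacted. The 39-character `AIza...` key shape, the host name and the sample documents are assumptions or constructed inputs; a format match only tells you a key is exposed, not that it is live or unrestricted.

```python
import re
from dataclasses import dataclass

# Google API keys are 39 characters: the prefix "AIza" plus 35 characters from
# [A-Za-z0-9_-]. That shape is assumed from Google's public key format, not
# taken from the article; the lookarounds avoid matching inside longer tokens.
GOOGLE_API_KEY_RE = re.compile(
    r"(?<![A-Za-z0-9_-])AIza[0-9A-Za-z_-]{35}(?![A-Za-z0-9_-])"
)
# The Gemini API host; a key next to it is the exposure the article describes.
GEMINI_HOST = "generativelanguage.googleapis.com"

@dataclass(frozen=True)
class Finding:
    source: str           # label of the scanned document (URL or file path)
    line: int             # 1-based line number where the key appears
    redacted: str         # key with the middle masked, so the report does not re-leak it
    gemini_context: bool  # True if the same document references the Gemini API host

def redact(key: str) -> str:
    """Keep the first 8 and last 4 characters, mask the rest."""
    return key[:8] + "..." + key[-4:]

def scan_text(source: str, text: str) -> list[Finding]:
    """Return every Google-API-key-shaped token found in one document."""
    mentions_gemini = GEMINI_HOST in text
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            findings.append(Finding(source, lineno, redact(match.group(0)), mentions_gemini))
    return findings

def scan_documents(docs: dict[str, str]) -> list[Finding]:
    """Scan a mapping of source label -> document text, e.g. fetched pages or a repo."""
    return [f for source, text in docs.items() for f in scan_text(source, text)]

# Constructed sample inputs (the key value is made up): a front-end bundle that
# embeds a key, which is how keys usually end up public, plus a clean page.
SAMPLE_DOCS = {
    "https://example.test/app.js": (
        "const cfg = {\n"
        f"  endpoint: 'https://{GEMINI_HOST}/v1beta',\n"
        "  apiKey: 'AIzaSyADUMMYDUMMYDUMMYDUMMYDUMMYDUMMYDU',\n"
        "};\n"
    ),
    "https://example.test/index.html": "<html><body>hello</body></html>\n",
}
```

Running `scan_documents(SAMPLE_DOCS)` yields one finding for `app.js` at line 3 with `gemini_context=True`; hits on a public site are the cue to rotate the key and apply API and referrer restrictions before the next billing cycle.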
Read at The Register