5 Sources
[1]
Gemini API key thief racks up $82,314 in charges in just two days, victim 'facing bankruptcy' -- affected devs call for basic guardrails against 'catastrophic usage anomalies'
A Google Gemini user has taken to Reddit "in a state of shock and panic." The issue is with the most recent bill received by their software development business. Redditor RatonVaquero's typical monthly spend on Gemini AI services is $180. However, in just 48 hours last month, their account "generated $82,314.44 in charges." A thief used the account to generate large volumes of Gemini 3 Pro Image and Gemini 3 Pro Text output. If Google doesn't back down on these non-trivial fees from the suspected "stolen Gemini API key," the bill will bankrupt the company. Tragically, locking the door after the horse has bolted, RatonVaquero has now "Deleted the compromised key, Disabled Gemini APIs, Rotated credentials, Enabled 2FA everywhere, Locked down IAM, [and] Opened a support case." On the latter point, initial feedback from the Google rep they contacted indicates that the charges will probably stick. From the Redditor's account of their correspondence with Google so far, the "don't be evil" company looks set to keep citing its 'Shared Responsibility Model' for cloud services accounts. I've had a quick look at the referenced legal word salad, and I'd guess Google is leaning on the part of its agreement that asks customers to have an authentication system, access policy, and network security in place to protect their API keys, among other things. Interestingly, though, several Redditors also note that the stolen API key(s) might actually have been there for the taking, and that it is Google's fault for changing what an API key can do: keys Google once said were safe to publish now authenticate to Gemini. Arguing for some 'mercy,' RatonVaquero, one of three devs at the affected Mexican development firm, complains that Google doesn't have "basic guardrails for catastrophic usage anomalies." The contrast in usage, from a usual $180 per month to $82,000+ in 48 hours, does indeed look like an extreme spike. RatonVaquero also says that there should be features like temporarily freezing services until review and per-API spending caps.
A look into this overcharging issue indicates that personal/consumer Gemini customers can't accidentally spend more than their flat monthly fee; instead, they have usage caps. Moving up to dev/business Google AI Studio users, they can set quotas (limiting the number of requests per day or per minute). Meanwhile, Google Cloud (Vertex AI) users can set budget alerts to notify them when they reach a certain dollar amount; an alert notifies, it does not stop the spend. RatonVaquero says they will talk again with a Google rep soon, and have filed a cybercrime report with the FBI. Now they are basically hoping for a softening of big G's stance. They may be able to share the logs of their unusual "455x spike" in usage, and ask for "goodwill credits" as victims of a cybersecurity incident. It is Kafkaesque, but usually a bit of stubborn persistence can help get your case seen by the right people for a more favorable outcome.
[2]
Dev stunned by $82K Gemini API key bill after theft
Probably not an isolated incident, as researchers have already found 2,863 live API keys exposed. A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked up massive usage costs in just 48 hours. "I am in a state of shock and panic right now," the dev wrote on Reddit, and went on to detail how his startup's Google Cloud API key was somehow compromised between February 11 and February 12. During that time, unknown miscreants used the key to spend $82,314.44, primarily on Gemini 3 Pro Image and Gemini 3 Pro Text. This is quite a cost jump, considering the three-developer Mexico-based company usually spends $180 a month: about a 46,000 percent increase. After deleting the compromised key, disabling the Gemini APIs, rotating credentials, and taking other security precautions, the developer says he opened a support case with Google and got nowhere. A Google representative allegedly cited the company's shared responsibility model - Google secures its platform and users must secure their own tools - and said the Chocolate Factory had to charge the developer for the unauthorized API costs. This, the dev wrote, "really worries me. If Google attempts to enforce even a third of this amount, our company goes bankrupt. We are barely surviving and hoping one of our products work." It looks like he may not be alone in his worries - or in experiencing API key compromise. Truffle Security researchers scanned millions of websites and found 2,863 live Google API keys - originally used as project identifiers for billing purposes - that now also authenticate to Gemini, thus giving attackers access to sensitive data and allowing them to rack up unauthorized charges on someone else's account. "With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account," Truffle researcher Joe Leon said in a February 25 blog post.
The Register contacted the Reddit poster, and we'll share more about their story if we hear back. Google declined to answer our questions about whether it will force the developer to pay the bill or eat the costs itself. But in response to the Truffle blog, a Google spokesperson said the company is aware of this report and "worked with the researchers to address the issue." "Protecting our users' data and infrastructure is our top priority," the spokesperson added. "We have already implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API." The flaw stems from the format of Google Cloud's API keys, which start with the string "AIza" and are therefore easy to find. Google's documentation for its Maps and Firebase services specifies that API keys are not secrets, but rather are used to identify a developer's app's Firebase project to Firebase services. In the case of Maps, Google instructs developers to paste their key directly into HTML. This is because API keys weren't intended to be used as authentication credentials - until Gemini entered the picture. As Leon explained: The Truffle researchers presented all of this to Google, including an example from a Google product's public-facing website with a key deployed as a public project identifier back in 2023. It now allows Gemini API access. This last part made Google take notice. After Google's Vulnerability Disclosure Project team initially dismissed the report in November 2025, determining it was simply "intended behavior," Truffle pushed back, and on December 1 provided examples from Google's own infrastructure. Google then reclassified the report from "Customer Issue" to "Bug," upgraded the severity, and started working on a fix, requesting a list of the 2,863 exposed keys. As of February 2, Google told Truffle that it was still working on the root-cause fix. Leon notes that his team has not yet seen "a concrete outcome."
In the meantime, anyone who uses Google Cloud and its services can use Truffle Security's open source secrets scanning tool TruffleHog to scan code, CI/CD pipelines, and web assets for leaked Google API keys. "The pattern we uncovered here (public identifiers quietly gaining sensitive privileges) isn't unique to Google," Leon wrote. "As more organizations bolt AI capabilities onto existing platforms, the attack surface for legacy credentials expands in ways nobody anticipated."
[3]
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, can be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix "AIza") embedded in client-side code to provide Google-related services like embedded maps on websites. "With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account," security researcher Joe Leon said, adding that the keys "now also authenticate to Gemini even though they were never intended for it." The problem occurs when a user enables the Gemini API on a Google Cloud project (i.e., the Generative Language API): every existing API key in that project, including those exposed in the website's JavaScript, silently gains access to the Gemini endpoints without any warning or notice. Any attacker who scrapes websites for such keys can then use them for quota theft and worse, including reading sensitive files via the /files and /cachedContents endpoints and making Gemini API calls that run up huge bills for the victim. In addition, Truffle Security found that creating a new API key in Google Cloud defaults to "Unrestricted," meaning it is valid for every enabled API in the project, including Gemini. "The result: thousands of API keys that were deployed as benign billing tokens are now live Gemini credentials sitting on the public internet," Leon said. In all, the company said it found 2,863 live keys accessible on the public internet, including one on a website associated with Google. The disclosure comes as Quokka published a similar report, finding over 35,000 unique Google API keys embedded in its scan of 250,000 Android apps.
"Beyond potential cost abuse through automated LLM requests, organizations must also consider how AI-enabled endpoints might interact with prompts, generated content, or connected cloud services in ways that expand the blast radius of a compromised key," the mobile security company said. "Even if no direct customer data is accessible, the combination of inference access, quota consumption, and possible integration with broader Google Cloud resources creates a risk profile that is materially different from the original billing-identifier model developers relied upon." Although the behavior was initially deemed intended, Google has since stepped in to address the problem. "We are aware of this report and have worked with the researchers to address the issue," a Google spokesperson told The Hacker News via email. "Protecting our users' data and infrastructure is our top priority. We have already implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API." It's currently not known if this issue was ever exploited in the wild. However, in a Reddit post published two days ago, a user claimed a "stolen" Google Cloud API key resulted in $82,314.44 in charges between February 11 and 12, 2026, up from a regular spend of $180 per month. We have reached out to Google for further comment, and we will update the story if we hear back. Users who have set up Google Cloud projects are advised to check their APIs and services and verify whether AI-related APIs are enabled. If they are enabled and any key is publicly accessible (either in client-side JavaScript or checked into a public repository), rotate those keys. "Start with your oldest keys first," Truffle Security said. "Those are the most likely to have been deployed publicly under the old guidance that API keys are safe to share, and then retroactively gained Gemini privileges when someone on your team enabled the API."
"This is a great example of how risk is dynamic, and how APIs can be over-permissioned after the fact," Tim Erlin, security strategist at Wallarm, said in a statement. "Security testing, vulnerability scanning, and other assessments must be continuous." "APIs are tricky in particular because changes in their operations or the data they can access aren't necessarily vulnerabilities, but they can directly increase risk. The adoption of AI running on these APIs, and using them, only accelerates the problem. Finding vulnerabilities isn't really enough for APIs. Organizations have to profile behavior and data access, identifying anomalies and actively blocking malicious activity."
[4]
A stolen Gemini API key turned a $180 bill into $82,000 in two days
AI Economy: A team of three developers in Mexico is facing a roughly 455× increase in monthly AI service expenses after an API key associated with their project was allegedly compromised. The key was later used to access Google Gemini services at scale. The small company has reportedly attempted to negotiate relief with Google, but says the company has not offered a payment adjustment. One of the affected developers shared the incident on Reddit. According to the post, the Google Cloud API key was compromised between February 11 and February 12 and was primarily used to access Gemini 3 Pro Image and Gemini 3 Pro Text services. The company's typical monthly AI service expense was approximately $180, but the unauthorized usage generated a bill of about $82,314.44. The developers say they were operating under tight financial conditions and were hoping their product would eventually become profitable. Even if only one-third of the billed amount is enforced, they fear the cost could still drive the business toward insolvency. A Mountain View representative said customers using generative AI services are responsible for securing their own credentials under the platform's Shared Responsibility Model. Under this framework, users are expected to implement appropriate security safeguards, and the provider does not assume liability for misuse resulting from compromised authentication keys. The developers said they did not believe they made any "obvious" operational mistake. After discovering the compromised key, they attempted to secure their system by deleting exposed keys, disabling Google Gemini API access, and enabling two-factor authentication across their accounts. They also opened a support request with Google, though they report receiving no meaningful resolution so far.
One of the developers argued on Reddit that cloud providers should implement stronger safeguards against extreme billing anomalies. The developer suggested that platforms should automatically halt or verify charges once usage reaches abnormal thresholds, noting the lack of mandatory confirmation mechanisms during sudden usage spikes. "A jump from $180/month to $82k in 48 hours is not 'normal variability.' It is obvious abuse," the dev said. The Mexican team has been seeking advice from the developer community online. Some contributors have warned against relying heavily on computation-intensive services such as Gemini-style generative AI APIs. There have also been conflicting claims regarding whether the developers uploaded the compromised key to public repositories such as GitHub, a point that bears on the Shared Responsibility Model emphasized by Google. The developers later disputed assertions that the key was knowingly exposed. Google's own guidance long treated API keys as non-secret project identifiers rather than authentication credentials, which is why older keys were routinely published in client-side code before generative AI endpoints started accepting them. The developers believe this case may help highlight broader security and billing protection concerns in cloud computing environments. They have reportedly also filed a complaint with the Federal Bureau of Investigation.
[5]
Generative AI Rollout Exposes Hidden Risk in Google Cloud API Keys
Generative AI Rollout Transforms Harmless Google API Keys Into Critical Cloud Security Vulnerability A quiet change in how Google's cloud services interact has opened an unexpected security gap, putting thousands of organisations at risk of data exposure and mounting AI bills. Security researchers have found that publicly visible Google API keys, once considered low risk, can now be used to access Gemini AI if the generative AI service is enabled in the same cloud project. Nearly 3,000 such keys are estimated to be active across websites and public code repositories, including those linked to financial institutions, technology firms, and recruitment platforms. For years, developers embedded these keys in apps and webpages for services like Maps or Firebase, relying on Google's guidance that they were not sensitive credentials. That assumption no longer holds.
A Mexican development firm faces bankruptcy after thieves exploited a compromised Gemini API key, racking up $82,314 in charges within two days—a 455× spike from their usual $180 monthly bill. Security researchers discovered nearly 3,000 exposed Google Cloud API keys that inadvertently gained Gemini access, transforming once-harmless project identifiers into critical security vulnerabilities.
A three-person development team in Mexico is confronting financial ruin after a stolen Gemini API key generated $82,314.44 in unauthorized charges between February 11 and February 12, 2026 [1]. The company, which typically spends about $180 per month on Gemini, saw a roughly 455× usage spike in just 48 hours [4]. Developer RatonVaquero shared the predicament on Reddit, stating the firm faces bankruptcy if Google enforces even a third of these charges. The unauthorized usage primarily involved Gemini 3 Pro Image and Gemini 3 Pro Text, with the thieves using the compromised key to generate massive volumes of AI content billed to the victim's account [2].
Google representatives have cited the company's Shared Responsibility Model when addressing the $82,000 in charges, indicating the developer may remain liable for the unauthorized API usage [1]. Under this framework, Google Cloud secures its platform while customers must implement authentication, access policies, and network security to protect their credentials [2]. The affected developers have since deleted the compromised key, disabled the Gemini APIs, rotated credentials, enabled two-factor authentication, locked down IAM, and filed a cybercrime report with the FBI [1]. Despite these remediation efforts, initial support interactions suggest Google may not offer a payment adjustment, leaving the small business in financial jeopardy.

Truffle Security researchers uncovered a systemic API-key weakness affecting thousands of organizations: their investigation found 2,863 live public Google API keys with inadvertent Gemini access [2]. The flaw stems from how Google Cloud API keys, originally designed as project identifiers for billing purposes, authenticate to Gemini endpoints once the generative AI service is enabled in the same project [3]. These keys, identifiable by the "AIza" prefix, were embedded in client-side code for services like Google Maps and Firebase on the strength of Google's earlier guidance that API keys were not secrets [3]. Truffle Security researcher Joe Leon explained that an attacker holding a valid key can read uploaded files and cached data via the /files and /cachedContents endpoints and charge LLM usage to the victim's account [3].
The vulnerability shows how legacy credentials gain sensitive privileges without developer awareness. When a user enables the Gemini API (the Generative Language API) on a Google Cloud project, every existing API key in that project gains access to the Gemini endpoints without warning. In addition, new API keys in Google Cloud default to "Unrestricted," so they work against every enabled API in the project, Gemini included [3]. Quokka's separate scan of 250,000 Android apps found over 35,000 unique Google API keys embedded in mobile applications [3]. This transformation of harmless billing tokens into live authentication credentials is what security experts describe as dynamic risk, where generative AI security concerns intersect with cloud infrastructure exposure [5].
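The mechanism described above, and in the Hacker News excerpt under source [3], can be checked from the outside in two steps: find the "AIza" keys a scraper would find, then see which Gemini endpoints answer to them. The following is an added example written for this page, not code from Truffle Security, Google, or the affected developers. The key pattern (literal "AIza" followed by 35 URL-safe characters) is the public format secret scanners match on; the HTML/JS snippet is constructed for the example and its keys are not real; and the reading of HTTP status codes in probe_key() is an assumption, stated in the code.

```python
"""Find Google API keys in client-side assets and map them to the Gemini
endpoints a scraped key would reach.

Added example, not code from Truffle Security, Google, or the affected
developers. The key pattern is the public "AIza" + 35 URL-safe characters
format; the sample asset below is constructed and its keys are not real.
"""
import re
import urllib.error
import urllib.request
from urllib.parse import urlencode

# Google API key: literal "AIza" followed by exactly 35 of [A-Za-z0-9_-].
GOOGLE_API_KEY_RE = re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b")

# Gemini (Generative Language API) endpoints the articles name as reachable
# with a valid key: model listing, uploaded files, and cached contents.
GEMINI_BASE = "https://generativelanguage.googleapis.com/v1beta"
GEMINI_PROBE_PATHS = ("models", "files", "cachedContents")

# Constructed sample of the kind of page a scraper sees: a Maps embed, a
# Firebase config (repeated, to exercise de-duplication), and a decoy that
# has the prefix but not the length.
SAMPLE_ASSET = """
<script src="https://maps.googleapis.com/maps/api/js?key=AIzaSyExampleMapsKeyABCDEFGHIJKLMNOPQRS&v=3"></script>
<script>
  const firebaseConfig = { apiKey: "AIzaSyExampleFirebaseKeyABCDEFGHIJKLMNO", projectId: "demo" };
  const again = "AIzaSyExampleFirebaseKeyABCDEFGHIJKLMNO";
  const notAKey = "AIzaShortDecoy";
</script>
"""


def find_google_api_keys(text):
    """Return the distinct AIza keys in text, in first-seen order."""
    return list(dict.fromkeys(GOOGLE_API_KEY_RE.findall(text)))


def gemini_probe_urls(key):
    """URLs an attacker (or you, auditing your own key) would hit with it."""
    return [f"{GEMINI_BASE}/{path}?{urlencode({'key': key})}"
            for path in GEMINI_PROBE_PATHS]


def probe_key(key, timeout=10):
    """Live check: GET each Gemini endpoint with the key and record the HTTP
    status. Assumption: 200 means the key authenticates to Gemini (the
    project has the Generative Language API enabled and the key is not
    restricted away from it); any other status means it does not, with the
    code hinting why (400 invalid key, 403 API disabled or key restricted).
    Only probe keys you own; this makes real network calls."""
    results = {}
    for path, url in zip(GEMINI_PROBE_PATHS, gemini_probe_urls(key)):
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                results[path] = resp.status
        except urllib.error.HTTPError as err:
            results[path] = err.code
    return results


def gemini_reachable(statuses):
    """True if any probed endpoint answered 200 (per the assumption above)."""
    return any(code == 200 for code in statuses.values())


if __name__ == "__main__":
    for found in find_google_api_keys(SAMPLE_ASSET):
        print(found, "->", gemini_probe_urls(found)[1])
```

Run against your own public assets first (CDN bundles, Android APK resources, static HTML), then feed each hit to probe_key() for a key you own. A 200 from /files or /cachedContents is the worst case the articles describe: the key not only bills to your project but also reads data uploaded to it.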
Affected developers are calling for basic spending guardrails against catastrophic usage anomalies, arguing that cloud providers should apply automatic safeguards when billing patterns deviate dramatically from established norms [1]. As Tom's Hardware notes, consumer Gemini customers have usage caps that prevent overspending, Google AI Studio users can set quotas limiting requests per day or minute, and Google Cloud (Vertex AI) users can configure budget alerts [1]. These protections, however, require proactive configuration and do not amount to a hard spending cap: a budget alert notifies the account owner but does not stop unauthorized API usage from producing a ruinous bill. The developers argue that features such as temporarily freezing services pending review and mandatory verification of extreme billing spikes should be standard protections.
After Truffle Security presented its findings through Google's Vulnerability Disclosure Project, the company initially classified the report as "intended behavior" before upgrading it to "Bug" status in December 2025, when the researchers provided examples from Google's own infrastructure [2]. A Google spokesperson stated the company has "implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API" [3]. As of February 2026, however, Truffle Security reported not yet seeing a concrete outcome from the root-cause fix Google was developing [2]. Organizations using Google Cloud should check whether AI-related APIs are enabled in their projects and rotate any key that may be publicly accessible, starting with the oldest keys, since those were most likely deployed under the earlier guidance that API keys were safe to share [3]. Truffle Security's open-source secrets scanner TruffleHog can help locate exposed credentials across code repositories, CI/CD pipelines, and web assets [2].
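The remediation advice above (and its longer form in source [3]) reduces to a ranking problem: of the keys in a project where the Generative Language API is enabled, which ones can reach Gemini, and which are oldest. The following is an added example written for this page, not Google's or Truffle Security's code. It consumes an inventory in the shape I expect from `gcloud services api-keys list --format=json` (field names createTime, restrictions.apiTargets and restrictions.browserKeyRestrictions follow the API Keys v2 resource as I understand it; verify against your own output), takes the "is Gemini enabled" flag from `gcloud services list --enabled`, and emits a `gcloud services api-keys update --api-target=...` command whose syntax is likewise an assumption. The inventory is constructed.

```python
"""Triage a Google Cloud project's API keys for Gemini exposure, oldest first.

Added example, not Google's or Truffle Security's code. Input shape follows
`gcloud services api-keys list --format=json` as I understand the API Keys
v2 resource (assumption: check against your own output). The inventory
below is constructed for this example.
"""
from datetime import datetime, timezone

GEMINI_SERVICE = "generativelanguage.googleapis.com"

# "Now" for age computation, fixed so the example is reproducible.
NOW = datetime(2026, 2, 25, tzinfo=timezone.utc)

# Constructed inventory: four keys of differing age and restriction.
SAMPLE_KEYS = [
    {"name": "projects/123456/locations/global/keys/k1",
     "displayName": "maps-web-2019", "createTime": "2019-03-04T10:00:00Z",
     # Referrer-restricted but no API targets: the "Unrestricted" default.
     "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["*.example.com/*"]}}},
    {"name": "projects/123456/locations/global/keys/k2",
     "displayName": "firebase-app-2021", "createTime": "2021-07-15T09:30:00Z",
     "restrictions": {"apiTargets": [{"service": "firebase.googleapis.com"}]}},
    {"name": "projects/123456/locations/global/keys/k3",
     "displayName": "analytics-2023", "createTime": "2023-01-10T12:00:00Z"},
    {"name": "projects/123456/locations/global/keys/k4",
     "displayName": "backend-gemini-2025", "createTime": "2025-11-02T08:00:00Z",
     "restrictions": {"apiTargets": [{"service": GEMINI_SERVICE}]}},
]


def _parse_time(ts):
    # RFC 3339 with trailing Z; fromisoformat needs the explicit offset on older Pythons.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def reaches_gemini(key):
    """A key reaches Gemini if it has no API-target restriction at all (the
    'Unrestricted' default the articles describe) or if Gemini is an explicit
    target. Referrer and IP restrictions are deliberately ignored: a Referer
    header is attacker-controlled, so a browser-key restriction does not stop
    server-side abuse once the key has been scraped."""
    targets = (key.get("restrictions") or {}).get("apiTargets") or []
    if not targets:
        return True, "unrestricted: inherits every enabled API, Gemini included"
    if any(t.get("service") == GEMINI_SERVICE for t in targets):
        return True, "explicitly targets " + GEMINI_SERVICE
    return False, "restricted to non-Gemini APIs"


def restrict_command(key, keep_service="maps-backend.googleapis.com"):
    """gcloud command to pin the key to the one API it was created for.
    Assumed syntax (`gcloud services api-keys update --api-target`); the
    service is a placeholder to set per key."""
    key_id = key["name"].rsplit("/", 1)[-1]
    return f"gcloud services api-keys update {key_id} --api-target=service={keep_service}"


def triage_keys(keys, gemini_enabled, now=NOW):
    """Return the keys that can call Gemini, oldest first, with age, reason
    and a suggested lock-down command. If the Generative Language API is not
    enabled in the project, no key is exposed this way and the list is empty."""
    if not gemini_enabled:
        return []
    flagged = []
    for key in keys:
        exposed, reason = reaches_gemini(key)
        if not exposed:
            continue
        age_days = (now - _parse_time(key["createTime"])).days
        flagged.append({"displayName": key["displayName"], "age_days": age_days,
                        "reason": reason, "fix": restrict_command(key)})
    flagged.sort(key=lambda k: k["age_days"], reverse=True)  # oldest first
    return flagged


if __name__ == "__main__":
    for row in triage_keys(SAMPLE_KEYS, gemini_enabled=True):
        print(f'{row["age_days"]:5d}d  {row["displayName"]:<22} {row["reason"]}\n        {row["fix"]}')
```

The order that comes out (the 2019 browser key first, the explicitly Gemini-targeted backend key last) is the rotation order Truffle recommends. Restricting a key is not a substitute for rotating one that has been public: the old key's quota has already been spendable, so rotate, then restrict the replacement before it ships.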
Summarized by Navi