
Dev stunned by $82K Gemini bill after unknown API key thief goes to town

(2026/03/04)


A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked up massive usage costs in just 48 hours.

"I am in a state of shock and panic right now," the dev [1]wrote on Reddit, going on to detail how his startup's Google Cloud API key was somehow compromised between February 11 and February 12. During that time, unknown miscreants used the key to spend $82,314.44, primarily on Gemini 3 Pro Image and Gemini 3 Pro Text.

This is quite a cost jump, considering the three-developer, Mexico-based company usually spends $180 a month. This was about a 46,000 percent increase.


After deleting the compromised key, disabling the Gemini APIs, rotating credentials, and taking other security precautions, the developer says he opened a support case with Google and got nowhere.


A Google representative allegedly cited the company’s shared responsibility model – Google secures its platform and users must secure their own tools – and said the Chocolate Factory had to charge the developer for the unauthorized API costs.

This, the dev wrote, "really worries me. If Google attempts to enforce even a third of this amount, our company goes bankrupt. We are barely surviving and hoping one of our products work."


It looks like he may not be alone in his worries – or in experiencing API key compromise.

Thousands more where that came from

Truffle Security researchers scanned millions of websites and found 2,863 live Google API keys – originally used as project identifiers for billing purposes – that now also authenticate to Gemini, thus giving attackers access to sensitive data, and allowing them to rack up unauthorized charges on someone else's account.

"With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account," Truffle researcher Joe Leon [6]said in a February 25 blog post.

The Register contacted the Reddit poster, and we'll share more about their story if we hear back. Google declined to answer our questions about whether it will force the developer to pay the bill or eat the costs itself.

But in response to the Truffle blog, a Google spokesperson said the company is aware of this report and "worked with the researchers to address the issue."


"Protecting our users' data and infrastructure is our top priority," the spokesperson added. "We have already implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API."

The flaw stems from the format of Google Cloud's API keys, which start with the string AIza and are therefore easy to find.

Google's documentation for its Maps and Firebase services specifies that [8]API keys are not secrets, but rather are used to identify a developer's app's Firebase project to Firebase services. In the case of Maps, [9]Google instructs developers to paste their key directly into HTML.

This is because API keys weren't intended to be used as authentication credentials – until Gemini entered the picture. As Leon explained:

You created a Maps key three years ago and embedded it in your website's source code, exactly as Google instructed. Last month, a developer on your team enabled the Gemini API for an internal prototype. Your public Maps key is now a Gemini credential. Anyone who scrapes it can access your uploaded files, cached content, and rack up your AI bill. Nobody told you.

The Truffle researchers presented all of this to Google, including an example from a Google product's public-facing website with a key deployed as a public project identifier back in 2023. It now allows Gemini API access. This last part made Google take notice.


After Google's Vulnerability Disclosure Project team initially dismissed the report in November 2025, determining it was simply "intended behavior," Truffle pushed back, and on December 1 provided examples from Google's own infrastructure.

Google then reclassified the report from "Customer Issue" to "Bug," upgraded the severity, and started working on a fix, requesting a list of the 2,863 exposed keys.

As of February 2, Google told Truffle that it was still working on the root-cause fix. Leon notes that his team has not yet seen "a concrete outcome."

In the meantime, anyone who uses Google Cloud and its services can use Truffle Security's open source secrets scanning tool [14]TruffleHog to scan code, CI/CD pipelines, and web assets for leaked Google API keys.
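As an added illustration (not code from the article, Truffle Security, or Google), here is a minimal scanner for the AIza-prefixed key format described above, run over constructed sample web assets; the file names and key values are made up, and the scanner only locates candidate keys so their owner can check what APIs they are allowed to call, it does not contact any Google API.

```python
import re

# Google Cloud API keys share a fixed shape: the prefix "AIza" followed by
# 35 characters from [A-Za-z0-9_-], 39 characters in total. That fixed
# shape is exactly what makes them easy to find in public source.
GOOGLE_API_KEY_RE = re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b")

# Constructed, non-working key values for the sample assets below.
FAKE_MAPS_KEY = "AIzaSy" + "M" * 33   # 39 chars, not a real key
FAKE_REPO_KEY = "AIzaSy" + "R" * 33   # 39 chars, not a real key

# Constructed sample assets standing in for a site's HTML and a repo file.
SAMPLE_ASSETS = {
    "index.html": (
        '<script src="https://maps.googleapis.com/maps/api/js'
        f'?key={FAKE_MAPS_KEY}"></script>\n'
    ),
    "app/config.js": (
        "// a fallback literal like this ends up in the shipped bundle\n"
        f"const KEY = process.env.GOOGLE_KEY || '{FAKE_REPO_KEY}';\n"
    ),
    # Too short to be a key: the scanner must not flag this.
    "README.md": "Set GOOGLE_KEY yourself; never paste AIzaShort123 here.\n",
}


def mask(key):
    """Keep the prefix and last 4 chars so a finding is identifiable but not reusable."""
    return key[:6] + "*" * (len(key) - 10) + key[-4:]


def find_google_api_keys(assets):
    """Return (path, line_no, masked_key) for every AIza-style key in the assets."""
    findings = []
    for path, text in assets.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for match in GOOGLE_API_KEY_RE.finditer(line):
                findings.append((path, line_no, mask(match.group(0))))
    return findings


if __name__ == "__main__":
    for path, line_no, masked in find_google_api_keys(SAMPLE_ASSETS):
        # Each hit is a key that is public by design; the next step is to confirm
        # in the Cloud console that it is restricted to the APIs it was created for.
        print(f"{path}:{line_no}: Google API key {masked}")
```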

"The pattern we uncovered here (public identifiers quietly gaining sensitive privileges) isn't unique to Google," Leon wrote. "As more organizations bolt AI capabilities onto existing platforms, the attack surface for legacy credentials expands in ways nobody anticipated." ®




[1] https://old.reddit.com/r/googlecloud/comments/1reqtvi/82000_in_48_hours_from_stolen_gemini_api_key_my/


[6] https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules


[8] https://firebase.google.com/support/guides/security-checklist#api-keys-not-secret

[9] https://developers.google.com/maps/documentation/javascript/get-api-key?setupProd=configure#make_request


[14] https://github.com/trufflesecurity/trufflehog




Why

elsergiovolador

Why are there no basic guardrails for catastrophic usage anomalies?

Because these services are designed for startups with more money than sense. You know, move fast, break things. $80k bill? Whooopsiee daisyy, I guess daddy/shareholder/VC will pay. Let's move on to the next vibe ticket.

It's not designed for actual small businesses / developers to use.

Homo.Sapien.Floridanus

$ 82K? Hijo de la chingaaaa!

Bad Business Practice

martinusher

Over the last couple of decades I've had my credit cards hacked a couple of times. In all instances the card company's fraud division picked it up immediately, invariably surprising me, because the usage deviated from my usual pattern.

I often wonder why bank fraud is possible, but then I remember that with credit cards the bank is on the hook for the loss instead of the customer. Other types of fraud, like when someone suddenly wants to transfer their entire net worth to some country few employees could find on a map, don't seem to raise any red flags. It's more of a PR problem than anything else -- the bank really doesn't want to take the loss but might eventually reimburse the customer to avoid spooking other customers.

This is just the same sort of thing. Gemini should be well placed to detect unusual activity. If it doesn't -- well, a sale is a sale, legit or not.

zOMG

Anonymous Coward

You could write a C compiler for that price!

Four of them!!!
