this post was submitted on 03 Mar 2026
93 points (97.0% liked)

Original Reddit post, which the article almost exclusively pulls from: https://old.reddit.com/r/googlecloud/comments/1reqtvi/82000_in_48_hours_from_stolen_gemini_api_key_my/

[–] MountingSuspicion@reddthat.com 14 points 21 hours ago (1 children)

Google is a bad company with bad policies, but I'd love to have them explain what caused the compromise. They dispute that it was uploaded publicly to GitHub, but don't seem to provide any information as to what happened. They also didn't have 2fa on, which is strange to hear because AWS (they're using Google) required 2fa on all accounts at least a year ago, regardless of permissions if memory serves. Really sorry to hear this happened to them, and the fact you can't set a hard cap on spend makes Google the party ultimately responsible here, but I'd appreciate having more information on the actual cause.

[–] XLE@piefed.social 14 points 21 hours ago (2 children)

Google also changed the rules on API key security after years of precedent.

https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

I'm sure they have a reason for everything they do, but rarely are they good reasons.

[–] db2@lemmy.world 4 points 12 hours ago (1 children)
[–] MountingSuspicion@reddthat.com 1 points 20 hours ago

Yes, I saw that, I just didn't see them say that's what happened to them. If that's what happened then this should be an open and shut case. Like I said initially, Google is a bad company doing bad things and this change was an objectively greedy and evil thing.