this post was submitted on 03 Mar 2026
63 points (95.7% liked)

Technology

82188 readers
3909 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
63
A stolen Gemini API key turned a $180 bill into $82,000 in two days (www.techspot.com)
submitted 9 hours ago by XLE@piefed.social to c/technology@lemmy.world
10 comments fedilink hide all child comments
 

Original Reddit post, which the article almost exclusively pulls from: https://old.reddit.com/r/googlecloud/comments/1reqtvi/82000_in_48_hours_from_stolen_gemini_api_key_my/

all 11 comments
sorted by: hot top controversial new old
[–] FUCKING_CUNO@lemmy.dbzer0.com 10 points 6 hours ago (1 children)

One of the developers argued on Reddit that cloud providers should implement stronger safeguards

Uh, stronger safeguards like LIKE ENABLING TWO FACTOR AUTHENTICATION YOU FUCKING IDIOTS.

[–] dhork@lemmy.world 22 points 8 hours ago (1 children)

The developers said they did not believe they made any "obvious" operational mistake. After discovering the compromised key, they attempted to secure their system by deleting exposed keys, disabling Google Gemini API access, and enabling two-factor authentication across their accounts.

I'm no "cloud developer", but there seem to be a few obvious operational mistakes described just in that paragraph alone....

[–] FauxLiving@lemmy.world 10 points 5 hours ago

After discovering the robbery, the bank installed doors and locks.

[–] MedicPigBabySaver@lemmy.world 5 points 6 hours ago

Fuck Reddit and Fuck Spez.

[–] ace_garp@lemmy.world 6 points 8 hours ago (1 children)

'Turned $180 billion into $82,000 in two days'

Wait, I thought this story was about Google AI, not OpenAI.

[–] 13igTyme@piefed.social 3 points 7 hours ago

It all the same garbage.

[–] MountingSuspicion@reddthat.com 8 points 9 hours ago (1 children)

Google is a bad company with bad policies, but I'd love to have them explain what caused the compromise. They dispute that it was uploaded publicly to GitHub, but don't seem to provide any information as to what happened. They also didn't have 2fa on, which is strange to hear because AWS (they're using Google) required 2fa on all accounts at least a year ago, regardless of permissions if memory serves. Really sorry to hear this happened to them, and the fact you can't set a hard cap on spend makes Google the party ultimately responsible here, but I'd appreciate having more information on the actual cause.

[–] XLE@piefed.social 9 points 8 hours ago (1 children)

Google also changed the rules on API key security after years of precedent.

https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

I'm sure they have a reason for everything they do, but rarely are they good reasons.

[–] db2@lemmy.world 2 points 35 minutes ago

~~Don't be evil~~

[–] Reygle@lemmy.world 3 points 8 hours ago

Good