Full Report
Probably not an isolated incident, as researchers have already found 2,863 live API keys exposed. A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked up massive usage costs in just 48 hours.…
Analysis Summary
# Incident Report: Unauthorized Gemini API Usage and Financial Loss
## Executive Summary
A Mexico-based startup suffered a catastrophic financial loss exceeding $82,000 in just 48 hours after a Google Cloud API key was compromised. The attacker leveraged the stolen key to run massive workloads on Gemini 3 Pro models. The incident highlights a systemic vulnerability where legacy public API keys (traditionally used for non-sensitive identification) were automatically granted high-cost authentication privileges for Google’s Gemini AI services.
## Incident Details
- **Discovery Date:** February 12, 2026 (estimated)
- **Incident Date:** February 11 – February 12, 2026
- **Affected Organization:** Undisclosed 3-developer startup
- **Sector:** Technology / Software Development
- **Geography:** Mexico
## Timeline of Events
### Initial Access
- **Date/Time:** February 11, 2026
- **Vector:** Theft of exposed Google Cloud API key.
- **Details:** The key was likely scraped from public-facing web assets or source code where it had been previously deployed as a project identifier.
### Lateral Movement
- **N/A:** The attacker did not move through the internal network; they used the authenticated API key to access Google Cloud’s Gemini infrastructure externally.
### Data Exfiltration/Impact
- **Financial Impact:** Unauthorized usage charges of $82,314.44.
- **Services Abused:** Primarily Gemini 3 Pro Image and Gemini 3 Pro Text.
### Detection & Response
- **Detection:** Developer discovered the massive cost spike in the billing console (a 46,000% increase over the $180/mo average).
- **Response Actions:** Deleted the compromised key, disabled Gemini APIs, and rotated all credentials.
## Attack Methodology
- **Initial Access:** Exploitation of leaked/public API keys (`AIza...` prefix) found on websites or in public repositories.
- **Persistence:** None required; the API key provided standing access until revoked.
- **Privilege Escalation:** "Privilege Creep" – Publicly exposed keys originally meant for Maps/Firebase were automatically granted Gemini API permissions by Google without explicit developer awareness.
- **Defense Evasion:** Use of legitimate API endpoints to mask malicious activity as valid developer traffic.
- **Credential Access:** Scraping/searching for the distinctive `AIza` string in HTML or public code.
- **Discovery:** Identifying valid keys that have Gemini API access enabled.
- **Impact:** Financial exhaustion/Resource exhaustion via LLM-usage billing.
## Impact Assessment
- **Financial:** $82,314.44 in unauthorized charges.
- **Data Breach:** Potential exposure of uploaded files and cached data associated with the Gemini account.
- **Operational:** Near-bankruptcy of the startup; cessation of development to handle incident response.
- **Reputational:** Public disclosure of the incident on Reddit; highlighting risks of unmanaged legacy keys.
## Indicators of Compromise
- **Behavioral indicators:**
  - Unprecedented spike in API billing (46,000% increase).
  - Massive volume of requests to `Gemini 3 Pro Image` and `Gemini 3 Pro Text` from unknown IP addresses.
## Response Actions
- **Containment:** Deletion of the compromised API key and disabling of Gemini API services.
- **Eradication:** Rotation of all Google Cloud credentials.
- **Recovery:** Opening a support case with Google Cloud (ongoing dispute regarding $82k liability).
## Lessons Learned
- **Shared Responsibility Ambiguity:** Google's documentation previously stated API keys were "not secrets," creating a false sense of security when those same keys were later granted access to expensive AI services.
- **Legacy Credential Risk:** Public identifiers can become sensitive credentials as platforms evolve and add new capabilities to existing API key structures.
- **Lack of Spending Guards:** The organization lacked hard billing caps or real-time alerting to prevent a two-day spike from reaching $82k.
## Recommendations
- **Implement Billing Alerts:** Set up granular budget alerts and "hard caps" on Google Cloud to disable services when costs exceed a certain threshold.
- **Secret Scanning:** Use tools like TruffleHog to scan CI/CD pipelines, public websites, and repositories for `AIza` keys.
- **Restrict API Keys:** Configure API keys with "API Restrictions" to ensure they can only access specific services (e.g., only Maps, not Gemini).
- **Apply Application Restrictions:** Restrict API keys to specific HTTP referrers, IP addresses, or mobile app IDs.
- **Review Legacy Keys:** Audit all active Google Cloud API keys created before Gemini services were enabled, to ensure they are not exposed in public HTML.
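The two checks above (scanning web assets for `AIza` keys, and auditing each key's API and application restrictions) as an added example, not code from the report or from Google. It assumes the public `AIza` key format that secret scanners match (`AIza` plus 35 URL-safe characters), the Gemini API service name `generativelanguage.googleapis.com`, and the JSON shape that `gcloud services api-keys list --format=json` emits (API Keys v2 `Key` resources with a `restrictions` field); the sample HTML and key list are constructed.

```python
import re

# Public Google API key format, as matched by scanners such as TruffleHog/gitleaks.
KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")
GEMINI_SERVICE = "generativelanguage.googleapis.com"
APP_RESTRICTIONS = ("browserKeyRestrictions", "serverKeyRestrictions",
                    "androidKeyRestrictions", "iosKeyRestrictions")

# Constructed sample keys and page; the key values are placeholders, not real keys.
KEY_A = "AIzaSyEXAMPLE" + "0" * 26   # 39 chars: "AIza" + 35
KEY_B = "AIzaSyEXAMPLE" + "1" * 26
SAMPLE_HTML = f"""
<script src="https://maps.googleapis.com/maps/api/js?key={KEY_A}"></script>
<script>firebase.initializeApp({{apiKey: "{KEY_B}"}});</script>
"""

def find_exposed_keys(text):
    """Return every AIza-prefixed key found in scraped HTML or source."""
    return KEY_RE.findall(text)

def redact(key):
    """Report only prefix and suffix so the finding itself does not leak the key."""
    return key[:8] + "..." + key[-4:]

# Constructed sample in the shape of `gcloud services api-keys list --format=json`
# (the list output never contains the key string itself).
SAMPLE_KEYS = [
    {"displayName": "maps-web", "restrictions": {
        "apiTargets": [{"service": "maps-backend.googleapis.com"}],
        "browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]}}},
    {"displayName": "Browser key (auto created by Firebase)"},  # no restrictions at all
    {"displayName": "gemini-dev", "restrictions": {
        "apiTargets": [{"service": GEMINI_SERVICE}]}},
]

def audit_key_restrictions(keys):
    """Map each key's displayName to the findings that matter after this incident."""
    report = {}
    for key in keys:
        r = key.get("restrictions", {})
        findings = []
        targets = {t["service"] for t in r.get("apiTargets", [])}
        if not targets:
            findings.append("no API restriction: usable with every enabled API, Gemini included")
        elif GEMINI_SERVICE in targets:
            findings.append("explicitly allows the Gemini API: treat as a secret, never ship client-side")
        if not any(k in r for k in APP_RESTRICTIONS):
            findings.append("no application restriction: valid from any referrer or IP")
        if findings:
            report[key["displayName"]] = findings
    return report

if __name__ == "__main__":
    for k in find_exposed_keys(SAMPLE_HTML):
        print("exposed key in web asset:", redact(k))
    for name, findings in audit_key_restrictions(SAMPLE_KEYS).items():
        print(name, "->", "; ".join(findings))
```

A key restricted to a single non-Gemini API target (the `maps-web` sample) produces no finding, because the API restriction alone stops it from being used against Gemini even if it is exposed.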