Developers Face $82,000 Charges From Stolen Gemini Key

A Mexico-based startup reported that a stolen Google Gemini API key generated $82,314.44 in unauthorized charges over a 48-hour period between February 11–12. Truffle Security later discovered 2,863 exposed Google API keys that now authenticate to Gemini, potentially enabling billing abuse and data access. Google acknowledged the report, blocked the leaked keys, and says it is working on a root-cause fix.
Key Points
- Stolen Google Gemini API key incurred $82,314.44 of unauthorized charges within 48 hours (Feb 11–12).
- Truffle found 2,863 exposed Google API keys enabling Gemini authentication and potential billing abuse.
- Practitioners must rotate keys, scan repositories, and enforce least-privilege to prevent large unauthorized bills.
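The repository-scanning step above, as an added example that is not Truffle Security's scanner or Google's tooling: it walks a source tree for tokens shaped like Google API keys and reports them redacted. The key shape it assumes (the literal prefix `AIza` followed by 35 characters from `[0-9A-Za-z_-]`) is the pattern commonly used by secret scanners, not something stated in the report; `SAMPLE_ENV` is a constructed input.

```python
# Added example (not Truffle Security's or Google's code): scan a repository tree for
# tokens shaped like Google API keys. Assumed key shape: literal "AIza" + 35 chars
# from [0-9A-Za-z_-], the pattern most secret scanners use for this provider.
import os
import re
from typing import NamedTuple

GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")  # assumed format, see above
SKIP_DIRS = {".git", "node_modules", "__pycache__", ".venv"}  # noise, not source

class Finding(NamedTuple):
    path: str
    line_no: int
    redacted: str  # never echo the full key: the report must not re-leak it

def redact(key: str) -> str:
    """Keep enough of the key to locate it, hide the rest."""
    return key[:8] + "..." + key[-4:]

def scan_text(text: str, path: str = "<memory>") -> list[Finding]:
    """Return one Finding per key-shaped token, with line numbers for triage."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            findings.append(Finding(path, line_no, redact(match.group(0))))
    return findings

def scan_tree(root: str) -> list[Finding]:
    """Walk `root`, skipping VCS/dependency dirs, and scan every readable file."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    findings.extend(scan_text(fh.read(), path))
            except OSError:
                continue  # unreadable file: skip rather than abort the whole scan
    return findings

# Constructed sample .env content; the value is key-shaped but not a real key.
SAMPLE_ENV = "DATABASE_URL=postgres://db/app\nGEMINI_API_KEY=AIzaSyA" + "x" * 32 + "\n"

if __name__ == "__main__":
    for f in scan_text(SAMPLE_ENV, ".env"):
        print(f"{f.path}:{f.line_no}: possible Google API key {f.redacted}")
```

Run `scan_tree(".")` from a checkout to sweep a whole repository; any hit should be treated as compromised and rotated, since a key shaped like this that was ever committed may already have been harvested.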
Scoring Rationale
High practical impact from widespread exposed keys and official acknowledgment; novelty limited to credential/implementation issue.
Sources
Public references used for this report.