Developers Face $82,000 Charges From Stolen Gemini Key

A Mexico-based startup reported a stolen Google Gemini API key generated $82,314.44 in unauthorized charges over a 48-hour period between February 11–12. Truffle Security later discovered 2,863 exposed Google API keys that now authenticate to Gemini, potentially enabling billing abuse and data access. Google acknowledged the report, blocked leaked keys, and says it is working on a root-cause fix.