Dev stunned by $82K Gemini API key bill after theft • The Register
https://www.theregister.com/2026/03/03/gemini_api_key_82314_dollar_charge/
Publish Date: 2026-03-03 18:19:00
Source Domain: www.theregister.com
A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked up massive usage costs in just 48 hours.
“I am in a state of shock and panic right now,” the dev wrote on Reddit, and went on to detail how his startup’s Google Cloud API key was somehow compromised between February 11 and February 12. During that time, unknown miscreants used the key to spend $82,314.44, primarily on Gemini 3 Pro Image and Gemini 3 Pro Text.
This is quite a cost jump, considering the three-developer, Mexico-based company usually spends $180 a month. The bill was roughly a 46,000 percent increase on that.
After deleting the compromised key, disabling the Gemini APIs, rotating credentials, and taking other security precautions, the developer says he opened a support case with Google and got nowhere.
A Google representative allegedly cited the company’s shared responsibility model – Google secures its platform and users must secure their own tools – and said the Chocolate Factory had to charge the developer for the unauthorized API costs.
This, the dev wrote, “really worries me. If Google attempts to enforce even a third of this amount, our company goes bankrupt. We are barely surviving and hoping one of our products work.”
It looks like he may not be alone in his worries – or in experiencing API key compromise.
Thousands more where that came from
Truffle Security researchers scanned millions of websites and found 2,863 live Google API keys – originally used as project identifiers for billing purposes – that now also authenticate to Gemini, thus giving attackers access to sensitive data, and allowing them to rack up unauthorized charges on someone else’s account.
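The kind of scan Truffle Security describes can be reproduced in miniature. The following is an added example, not code from The Register or from Truffle Security: it sweeps fetched page and script bodies for strings shaped like Google API keys (the documented format is the literal prefix AIza followed by 35 URL-safe characters) and reports where each one appears. The page contents, URLs and the two keys are constructed for the example and are not real credentials. Checking whether a found key is actually live against Gemini needs a network request to the Generative Language API's model-listing endpoint, so the block only builds that probe URL rather than calling it.

```python
import re

# Google API keys share a recognisable shape: the literal prefix "AIza"
# followed by 35 characters from [0-9A-Za-z_-], 39 characters in total.
# Lookarounds (rather than \b) keep a trailing "-" from breaking the match.
GOOGLE_API_KEY_RE = re.compile(
    r"(?<![0-9A-Za-z_\-])AIza[0-9A-Za-z_\-]{35}(?![0-9A-Za-z_\-])"
)

# Constructed sample corpus: what a crawler might fetch from one small site.
# Both keys are made up (hypothetical) and will not authenticate anywhere.
SAMPLE_PAGES = {
    "https://example.test/app.bundle.js": (
        "const cfg = {apiKey: 'AIzaSyA1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6R', "
        "authDomain: 'example.firebaseapp.com'};\n"
        "fetch('https://generativelanguage.googleapis.com/v1beta/models?key='"
        " + cfg.apiKey);"
    ),
    "https://example.test/index.html": (
        '<script src="https://maps.googleapis.com/maps/api/js?key='
        'AIzaSyZ9Y8X7W6V5U4T3S2R1Q0P9O8N7M6L5K4I"></script>'
    ),
    "https://example.test/about.html": "<p>No keys here, just text.</p>",
}


def find_keys(text: str) -> list[str]:
    """Return every distinct Google-API-key-shaped string in `text`, in order."""
    seen: list[str] = []
    for match in GOOGLE_API_KEY_RE.finditer(text):
        if match.group(0) not in seen:
            seen.append(match.group(0))
    return seen


def scan_pages(pages: dict[str, str]) -> dict[str, list[str]]:
    """Map each key found in `pages` to the sorted list of URLs exposing it.

    A key that appears on several pages is reported once with all locations,
    which is what you want when deciding which single key to revoke.
    """
    found: dict[str, list[str]] = {}
    for url, body in pages.items():
        for key in find_keys(body):
            found.setdefault(key, []).append(url)
    return {key: sorted(urls) for key, urls in found.items()}


def mask(key: str) -> str:
    """Redact a key for a report: keep the prefix and last three characters."""
    return f"{key[:8]}...{key[-3:]}"


def gemini_probe_url(key: str) -> str:
    """URL an operator would GET to test whether `key` is accepted by the
    Gemini (Generative Language) REST API. A 200 with a model list means the
    key is live for Gemini; this function deliberately performs no request."""
    return f"https://generativelanguage.googleapis.com/v1beta/models?key={key}"


def report(pages: dict[str, str]) -> list[str]:
    """Human-readable findings, one line per exposed key, keys redacted."""
    lines = []
    for key, urls in scan_pages(pages).items():
        lines.append(f"{mask(key)} exposed at {', '.join(urls)}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_PAGES):
        print(line)
```

A key found this way has leaked regardless of whether it is live for Gemini; the probe step only tells you how expensive the leak can get. The operational fix is the one the developer in the story applied after the fact: delete the key, restrict or rotate its replacement, and set a billing budget alert low enough that a 48-hour spike is noticed while it is still small.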
“With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your…