{"id":220198,"date":"2026-03-03T18:19:00","date_gmt":"2026-03-03T23:19:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/03\/dev-stunned-by-82k-gemini-api-key-bill-after-theft-the-register\/"},"modified":"2026-03-05T09:30:11","modified_gmt":"2026-03-05T14:30:11","slug":"dev-stunned-by-82k-gemini-api-key-bill-after-theft-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/03\/dev-stunned-by-82k-gemini-api-key-bill-after-theft-the-register\/","title":{"rendered":"Dev stunned by $82K Gemini API key bill after theft \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/03\/gemini_api_key_82314_dollar_charge\/\">Dev stunned by $82K Gemini API key bill after theft \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/03\/gemini_api_key_82314_dollar_charge\/\">https:\/\/www.theregister.com\/2026\/03\/03\/gemini_api_key_82314_dollar_charge\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-03 18:19:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked massive usage costs up in just 48 hours.<\/p>\n<p>&#8220;I am in a state of shock and panic right now,&#8221; the dev wrote on Reddit, and went on to detail how his startup&#8217;s Google Cloud API key was somehow compromised between February 11 and February 12. During that time, unknown miscreants used the key to spend $82,314.44, primarily on Gemini 3 Pro Image and Gemini 3 Pro Text.<\/p>\n<p>This is quite a cost jump, considering the three-developer Mexico-based company, usually spends $180 a month. This was about a 46,000 percent increase.<\/p>\n<p>After deleting the compromised key, disabling the Gemini APIs, rotating credentials, and taking other security precautions, the developer says he opened a support case with Google and got nowhere.<\/p>\n<p>A Google representative allegedly cited the company\u2019s shared responsibility model \u2013 Google secures its platform and users must secure their own tools \u2013 and said the Chocolate Factory had to charge the developer for the unauthorized API costs.<\/p>\n<p>This, the dev wrote, &#8220;really worries me. If Google attempts to enforce even a third of this amount, our company goes bankrupt. We are barely surviving and hoping one of our products work.&#8221;<\/p>\n<p>It looks like he may not be alone in his worries \u2013 or in experiencing API key compromise.<\/p>\n<h3 class=\"crosshead\">Thousands more where that came from<\/h3>\n<p>Truffle Security researchers scanned millions of websites and found 2,863 live Google API keys \u2013 originally used as project identifiers for billing purposes \u2013 that now also authenticate to Gemini, thus giving attackers access to sensitive data, and allowing them to rack up unauthorized charges on someone else&#8217;s account.<\/p>\n<p>&#8220;With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/03\/gemini_api_key_82314_dollar_charge\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dev stunned by $82K Gemini API key bill after theft \u2022 The Register https:\/\/www.theregister.com\/2026\/03\/03\/gemini_api_key_82314_dollar_charge\/ Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":220199,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2026\/03\/03\/stunned_jaw_drop_beard_computer.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[17],"class_list":["post-220198","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-llm"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220198"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=220198"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220198\/revisions"}],"predecessor-version":[{"id":220200,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220198\/revisions\/220200"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/220199"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=220198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=220198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=220198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}