Stolen Gemini API Key Leads to $82,000 in Unauthorized Charges for Mexican Development Team
A small development team in Mexico, consisting of three members, is grappling with a financial crisis after a stolen Google Cloud API key resulted in unauthorized charges totaling $82,314.44 over a mere 48-hour period. This incident, occurring between February 11 and 12, 2026, saw attackers exploit the team’s credentials to access the Gemini 3 Pro Image and Gemini 3 Pro Text endpoints, causing their usual monthly bill of $180 to skyrocket by 455 times.
The developers believe this breach is part of a larger trend where foreign threat actors aggressively scrape U.S. AI models for data distillation. Despite taking immediate action by deleting the compromised key, rotating credentials, and tightening their Identity and Access Management (IAM) settings, the team encountered significant challenges with customer support.
Understanding the Shared Responsibility Model
Google Cloud representatives pointed to the Shared Responsibility Model, emphasizing that users are ultimately accountable for the security of their own credentials. This situation underscores the risks associated with insecure default settings.
Recent findings by security firm Truffle Security revealed that nearly 3,000 legacy Google API keys, initially used for basic services like Google Maps, were exposed on public websites. Due to Google Cloud keys defaulting to an Unrestricted setting, enabling the Gemini API in a project can inadvertently grant these old, public keys powerful AI access without the owner’s knowledge.
Essential Google Cloud Security Measures
To mitigate such risks, it’s crucial to implement the following security controls:
– Hard Spending Limits: Utilize Cloud Billing Budgets to set alerts at 50%, 90%, and 100% usage thresholds, and configure automatic billing disablement upon reaching the cap.
– Key Scoping: Apply API Key Restrictions to limit keys to specific APIs and constrain access by IP address or referrer.
– Access Control: Employ IAM & Service Accounts to use short-lived tokens or Workload Identity instead of long-lived API keys.
– API Quota Caps: Adjust API & Services Quotas to align with actual Gemini usage, reducing requests per minute or day as needed.
With a valid API key, attackers can not only incur substantial Large Language Model (LLM) usage charges but also access uploaded files and cached data within the victim’s account. Unlike some platforms, Google Cloud does not automatically implement hard billing cut-offs when usage spikes, necessitating manual configuration of strict guardrails to prevent automated bots from rapidly depleting accounts.
Navigating Billing Disputes
While Google’s initial stance on billing disputes may be stringent, persistence can lead to favorable outcomes. There have been instances where Google waived significant API bills, such as a student’s $55,444 charge, when users provided comprehensive evidence, including detailed usage logs, police reports, and proof pinpointing the exact source of the leaked key.
Google has also initiated measures like automatically disabling exposed service account keys detected in public GitHub repositories. However, this does not safeguard against keys stolen directly from developer endpoints. Therefore, proactive misconfiguration checks remain the most reliable defense against catastrophic cloud bills.
