Dev stunned by $82K Gemini API key bill after theft

https://www.theregister.com/2026/03/03/gemini_api_key_82314_dollar_charge/?td=rt-3aOpen link View original on sopuli.xyz

Comments4

Daniel Quinn

lemmy.ca

You created a Maps key three years ago and embedded it in your website's source code, exactly as Google instructed. Last month, a developer on your team enabled the Gemini API for an internal prototype. Your public Maps key is now a Gemini credential. Anyone who scrapes it can access your uploaded files, cached content, and rack up your AI bill. Nobody told you.

Yikes.

emerald reply

lemmy.blahaj.zone

I know you shouldn't assume malice over stupidity but I can't see how turning a project ID into an API credential could be anything but malicious and an intentional way to extract fees from people that aren't paying attention

Kairos reply

lemmy.today

Yeah, that's negligence

Lucy :3

feddit.org

"Dev"