1次操作莫名背上10.6万元账单、Gemini API密钥被盗、项目濒临崩溃 ...

由于他的 Gemini API 密钥被盗用,原本每月仅约 180 美元(约 1242 元)的费用,在短短 48 小时内暴涨到 82,314.44 美元(约 56.8 万元)。对于这家只有三名开发者的小型创业团队来说,这笔突如其来的账单,几乎等同于灭顶之灾。
SecurityWeek

Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access

Threat actors can extract Google API keys embedded in Android applications to gain access to Gemini AI endpoints and ...
腾讯网

1次操作莫名背上10.6万元账单、Gemini API密钥被盗、项目濒临崩溃 ...

一次看似普通的测试操作,却引来 1.54 万美元(约 10.6 万元)的账单。这对一个刚起步的独立开发者来说,几乎是致命打击。 近日,24 岁独立开发者 vatcode 在社交媒体平台 Reddit 上发布求助帖——《Google 默认不安全的 API 密钥,加上 30 小时账单延迟,是如何 ...
heise online

Google's unprotected API keys a security and cost risk due to Gemini AI

Google is working to fix a problem with its API keys after security researchers pointed out possible misuse. This is because the keys for accessing Google's cloud services, such as Maps or Firebase, ...
Infosecurity Magazine

Google API Keys Quietly Gain Access to Gemini on Android Devices

A flaw in Google's API key system has reportedly exposed mobile applications to unintended access to its Gemini AI platform.
GIGAZINE

The API key that Google had announced as 'OK to publish' is also the Gemini authentication ...

The Google Maps documentation also provides an example of including an API key in your website's code. In fact, until now, even if a website administrator made the above API key public, they would not ...