Natalia Khandusenko, AI Eng
13 May 2026, 12:43
Google Cloud developers pushed to the brink of bankruptcy by Gemini API key abuse: here are some sad stories
Developers and startups are sharing stories on social media about staggering bills from Google Cloud, reaching tens of thousands of dollars, due to unauthorized use of their Gemini API keys by third parties.
Forgotten, long-dead projects and old Google Maps or Firebase keys suddenly turn into huge, unpredictable Google Cloud bills, Cybernews reports.
Developers are seeking help on the “Build with Google AI” forum, where some complaints mention staggering amounts: for example, $67,000 for 19 hours or €54,000 for 13 hours.
The Google Cloud subreddit has become a bottomless pit of despair for people who are suffering from massive overspending and spending limits that don't really limit anything.
And the amounts involved are simply devastating. Here are just a few headlines published in recent months:
Went to bed with a $10 budget notification. Woke up with a debt to Google Cloud of $25,672.86.
80,000 Norwegian kroner ($7,500) disappeared from my Google Cloud account in 5 minutes — a detailed technical breakdown of how the attack worked.
Received a bill for $10,138 in March 2026 due to a documented vulnerability in Gemini's API key - support closed my request twice, stating that "no fraud was detected."
NOTE: "Spending limits" in Google Cloud/Gemini API do NOT work in real time (we were charged $1,800 with a limit of $100).
Google Cloud detected a $975 API key fraud in my account, sent one email at 11pm, and then let the bill grow to $18,596 — five support agents have already refused to help.
$10 budget alert — stolen Gemini API key “spins” $1,300 in a few minutes.
Cases of overspending have become so widespread that some users have suggested creating a separate subreddit for this.
Cybernews has found no case in which a developer successfully got the money refunded or the charges waived. Many users are looking for advice on how to avoid ending up in the same situation.
What is happening?
All the stories follow the same pattern: a Google Cloud bill suddenly balloons after outside abuse of a compromised or leaked Google API key, even if that key was never meant for Gemini, and even if Google itself had previously said it was safe to expose publicly.
Similar attacks have been going on for some time. Back in March, dev.ua reported on a small development team facing bankruptcy over a bill of $82,314.44, 457 times its average monthly payment of $180.
Joonhyun Choi, COO of Colavo Ground, a South Korean company that develops a mobile CRM system for beauty professionals, ran into a problem with an unrestricted Android API key that was automatically generated by Firebase when the project was created in 2016.
“This key has been continuously and legitimately used for Firebase services in our Android app for nearly a decade without incident — exactly as described in Google’s documentation at the time,” the post says.
However, on April 18 an unexpected, coordinated botnet attack began using this key to make unauthorized calls to the Gemini API.
The attack peaked at 931 requests per second. The team restricted the key as soon as it noticed, but it was too late. Google acknowledged that the project had been compromised but, at least initially, rejected their appeal against the $67,000 bill that had accumulated in just 19 hours.
"If this amount has to be paid in full, our startup faces immediate bankruptcy," the post's author wrote in a desperate plea for help.
Choi noted that Google's automatic key-restriction policy, introduced in May 2024, was never applied to their key, even though its access should have been limited to Firebase API services. Instead, the key was later automatically granted permission to make bulk calls to the Gemini API. The COO provided screenshots confirming that the team had never used Gemini and that all of the activity came from the attackers.
Source: Cybernews
One cybersecurity company warned this would happen
In February, Truffle Security discovered that old Google API keys, previously used in other projects as harmless identifiers, instantly turned into “time bombs” once they gained access to the Gemini API.
Thousands of Google's multi-purpose API keys can be found publicly available on websites, in code repositories, in apps, and elsewhere, with Google itself previously encouraging users to "safely embed them in client code."
Until recently, the Firebase support page stated that "API keys for Firebase services are not secret"; it now carries additional caveats urging developers to make sure access to those keys is appropriately restricted.
“You created the Maps key three years ago and inserted it into your site’s source code exactly as Google instructed,” Truffle Security experts previously noted.
“Then a developer on your team enabled the Gemini API for an internal prototype. And so your Maps public key is now your Gemini credentials. Anyone who scrapes it will have access to your uploaded files, cached content, and can blow your AI bill into the sky. And no one warned you about this.”
And that is exactly what is happening now.
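The common thread in the Colavo Firebase key and in Truffle Security's Maps-key scenario is a key with no API restriction: such a key can call every API enabled in the project, so enabling Gemini silently turns it into a Gemini credential. The script below is an added example (not code from Google, Cybernews, Truffle Security or any of the affected teams) of how to audit a project's keys for exactly that. It consumes the JSON that `gcloud services api-keys list --format=json` prints (API Keys API v2 Key resources); the sample input is constructed for this example, and the Firebase service names passed to the remediation helper are assumptions about what such a key might legitimately need.

```python
"""
Audit Google Cloud API keys for the "Maps/Firebase key that can now call Gemini"
exposure. Input: JSON from `gcloud services api-keys list --project=P --format=json`.
The sample below is constructed for this example, not real output from any project.
"""
import json

GEMINI_SERVICE = "generativelanguage.googleapis.com"

# Constructed sample in the shape of the API Keys v2 "Key" resource.
SAMPLE_KEYS_JSON = json.dumps([
    {   # Firebase-generated Android key with no restrictions at all
        "name": "projects/example-app/locations/global/keys/0000-android",
        "displayName": "Android key (auto created by Firebase)",
        "uid": "0000-android",
        "createTime": "2016-03-01T00:00:00Z",
    },
    {   # Browser key pinned to a referrer but allowed to call *any* enabled API
        "name": "projects/example-app/locations/global/keys/1111-web",
        "displayName": "Browser key (Maps embed)",
        "uid": "1111-web",
        "restrictions": {
            "browserKeyRestrictions": {"allowedReferrers": ["https://example.test/*"]}
        },
    },
    {   # Properly scoped key: only the Maps backend, only from the site
        "name": "projects/example-app/locations/global/keys/2222-maps",
        "displayName": "Maps key (restricted)",
        "uid": "2222-maps",
        "restrictions": {
            "apiTargets": [{"service": "maps-backend.googleapis.com"}],
            "browserKeyRestrictions": {"allowedReferrers": ["https://example.test/*"]},
        },
    },
    {   # Key explicitly allowed to call Gemini, from anywhere
        "name": "projects/example-app/locations/global/keys/3333-gemini",
        "displayName": "Gemini prototype",
        "uid": "3333-gemini",
        "restrictions": {"apiTargets": [{"service": GEMINI_SERVICE}]},
    },
])

# The four application-restriction variants a Key resource can carry.
APP_RESTRICTION_FIELDS = (
    "browserKeyRestrictions", "serverKeyRestrictions",
    "androidKeyRestrictions", "iosKeyRestrictions",
)


def audit_key(key: dict) -> dict:
    """Return the findings for one Key resource from the list output."""
    restrictions = key.get("restrictions") or {}
    api_targets = [t.get("service", "") for t in restrictions.get("apiTargets", [])]
    has_app_restriction = any(f in restrictions for f in APP_RESTRICTION_FIELDS)
    findings = []
    if not api_targets:
        # No API restriction: the key works against every API enabled in the
        # project, including Gemini the moment someone enables it.
        findings.append("no API restriction: usable against any enabled API (incl. Gemini)")
    elif GEMINI_SERVICE in api_targets:
        findings.append("explicitly allowed to call the Gemini API")
    if not has_app_restriction:
        findings.append("no application restriction: usable from any referrer/IP/app")
    return {"name": key["name"], "display_name": key.get("displayName", ""),
            "api_targets": api_targets, "findings": findings}


def audit_keys(list_json: str) -> list[dict]:
    """Audit every key in the JSON array printed by `gcloud services api-keys list`."""
    return [audit_key(k) for k in json.loads(list_json)]


def remediation_command(key_name: str, services: list[str]) -> str:
    """Build the `gcloud services api-keys update` call that pins a key to the
    given services (`--api-target` may be repeated, one per allowed service)."""
    targets = " ".join(f"--api-target=service={s}" for s in services)
    return f"gcloud services api-keys update {key_name} {targets}"


if __name__ == "__main__":
    for result in audit_keys(SAMPLE_KEYS_JSON):
        status = "OK" if not result["findings"] else "FLAGGED"
        print(f"{status:7} {result['display_name']}")
        for finding in result["findings"]:
            print(f"         - {finding}")
    # Example fix for the Firebase-generated Android key. The service names are
    # an assumption about what that app needs; use the ones your app calls.
    print(remediation_command(
        "projects/example-app/locations/global/keys/0000-android",
        ["firebaseinstallations.googleapis.com", "fcmregistrations.googleapis.com"]))
```

Note that the second sample key is flagged even though it has a referrer restriction: an HTTP referrer is set by the client, so a scraper can simply send the allowed value, and without an API restriction the key still reaches Gemini. Pin every key to the services it actually needs, and treat the referrer or app restriction as a second layer, not the first.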
Google adds spending limits: protect your keys
Logan Kilpatrick, a product manager at Google AI Studio, explained that billing account limits are finally available to Gemini API users. Tier 1 users now have a default limit of $250 per month, “after which access is automatically blocked.”
“There is a 10-minute delay in the entire reporting system,” Kilpatrick noted.
“We now support project-level spending limits. If you want to set an individual spending limit, you can do that too. I have mine set at $50 so I don’t accidentally overspend while developing. There’s a similar 10-minute delay here as well.”
Google is moving to disable the use of unrestricted API keys with the Gemini API and now generates more tightly restricted keys by default for new Gemini users.
Moreover, the tech giant is implementing prepaid billing worldwide, which means users have to pay upfront to use the Gemini API and have more control over their spending.
“In general, you should avoid putting a key in your client-side code, as if it is exposed, even with the above restrictions, you could incur costs,” Kilpatrick warned. “In many cases, we can automatically detect when a key is visible on a public network and automatically disable those keys for security reasons.”
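Kilpatrick's advice not to ship keys in client-side code is easiest to enforce before a commit lands. The check below is an added example (not Google's scanner and not code from the page) of a pre-commit or CI scan for Google API keys, which start with "AIza" and are 39 characters of letters, digits, "_" and "-". The "repository" is a constructed in-memory sample and the key strings in it are fabricated placeholders, not real credentials.

```python
"""
Pre-commit / CI check: find Google API keys in source before they reach a public
repository or a bundled client. The sample repository is constructed for this
example; its keys are fabricated placeholders built to match the key format.
"""
import re

# Google API keys: "AIza" followed by 35 characters from [A-Za-z0-9_-].
GOOGLE_API_KEY_RE = re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b")

# Fabricated keys in the right shape (4 + 19 + 15 + 1 = 39 characters).
FAKE_KEY_1 = "AIza" + "SyEXAMPLE_FAKE_KEY_" + "0" * 15 + "1"
FAKE_KEY_2 = "AIza" + "SyEXAMPLE_FAKE_KEY_" + "0" * 15 + "2"

# Constructed sample repository: path -> file content.
SAMPLE_REPO = {
    "web/index.html": (
        '<script src="https://maps.googleapis.com/maps/api/js'
        f'?key={FAKE_KEY_1}"></script>\n'
    ),
    "android/app/google-services.json": (
        '{"client": [{"api_key": [{"current_key": '
        f'"{FAKE_KEY_2}"}}]}}]}}\n'
    ),
    "server/gemini_client.py": (
        "import os\n"
        'GEMINI_KEY = os.environ["GEMINI_API_KEY"]  # loaded at runtime, not committed\n'
    ),
    # The same Maps key also lingers in a doc file nobody thinks of as code.
    "docs/notes.md": f"Rotated the old key {FAKE_KEY_1} last year.\n",
}


def mask(key: str) -> str:
    """Show enough of a key to identify it in a report without reprinting it."""
    return key[:8] + "..." + key[-4:]


def scan_text(path: str, text: str) -> list[dict]:
    """Return one finding per key occurrence in a single file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "key": match.group(0), "masked": mask(match.group(0))})
    return findings


def scan_repo(files: dict[str, str]) -> list[dict]:
    """Scan every file; sorted by path so output is stable for CI diffs."""
    findings = []
    for path, text in sorted(files.items()):
        findings.extend(scan_text(path, text))
    return findings


def locations_by_key(findings: list[dict]) -> dict[str, list[str]]:
    """Group findings by key so a key copied into several places is reported once."""
    grouped: dict[str, list[str]] = {}
    for f in findings:
        grouped.setdefault(f["masked"], []).append(f"{f['path']}:{f['line']}")
    return grouped


def is_clean(files: dict[str, str]) -> bool:
    """True when no Google API key was found; use as the CI pass/fail signal."""
    return not scan_repo(files)


if __name__ == "__main__":
    for masked, places in locations_by_key(scan_repo(SAMPLE_REPO)).items():
        print(f"{masked} found in {len(places)} place(s): {', '.join(places)}")
    print("clean" if is_clean(SAMPLE_REPO) else "FAIL: keys committed; rotate and restrict them")
```

A hit is not always a bug (a Maps key in a browser page is how Maps works), but every hit should be paired with the key's restrictions: a key that is public by design must be pinned to the one API it serves, and one that also appears in notes or old branches has been public for as long as that history has.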