Exposed Google API Keys Lead to Unauthorized Charges, Google Responds with "Intended Behavior"

💬 2,863 Google API keys on public websites now silently authenticate to Gemini. One developer was billed $82,314 in 48 hours. Google's initial response: "Intended Behavior."A blog post details the discovery of 2,863 exposed Google API keys that can silently authenticate to Gemini services. One developer reported receiving an $82,314 bill within 48 hours due to unauthorized usage. Google’s initial response to the issue was described as labeling it "intended behavior."