Probably not an isolated incident only as researchers have already found 2,863 live API keys exposed

A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked massive usage costs up in just 48 hours.

"I am in a state of shock and panic right now," the dev wrote on Reddit, and went on to detail how his startup's Google Cloud API key was somehow compromised between February 11 and February 12. During that time, unknown miscreants used the key to spend $82,314.44, primarily on Gemini 3 Pro Image and Gemini 3 Pro Text.

This is quite a cost jump, considering the three-developer Mexico-based company, usually spends $180 a month. This was about a 46,000 percent increase.

After deleting the compromised key, disabling the Gemini APIs, rotating credentials, and taking other security precautions, the developer says he opened a support case with Google and got nowhere.

A Google ...