Google Cloud Security Flaw Exposes Users to Massive API Billing Attacks
#Vulnerabilities

Chips Reporter
4 min read

Australian AI consultant receives $18,391 bill after attacker exploits exposed API key in published Cloud Run service, highlighting critical security vulnerabilities in Google's API management system.

Australian AI consultant Jesse Davies recently experienced a security nightmare that cost him more than $18,000 in unexpected Google Cloud charges, despite having a budget of just $7 set for his account. The incident, which occurred overnight, demonstrates how a single exposed API key can nullify even well-implemented security measures in cloud environments.

The Incident: From $7 Budget to $18,391 Bill

Davies, founder of Agentic Labs, followed Google Cloud security best practices including per-project API keys, separate billing accounts, two-factor authentication, and Cloud audit logging. However, these precautions were bypassed when an attacker discovered a Cloud Run service he had published months earlier through Google AI Studio.

"The attacker didn't steal my key. They found a Cloud Run service I'd published from AI Studio months earlier, hit the public URL, and Google's own proxy signed every request on their behalf using the API key stored as a plaintext environment variable in the container," Davies explained in his LinkedIn post.

The attacker executed over 60,000 requests in a single night, rapidly exhausting Davies' $10 AUD (approximately $7 USD) budget. By the time Davies received a budget alert the next morning, $10,000 AUD had already been charged to his credit card, which then declined due to insufficient funds. Another $15,000 AUD in charges followed while he was still communicating with Google support.

Google's Automatic Tier Upgrade Compounded the Problem

Adding insult to injury, Google automatically upgraded Davies' account tier without notification. His account was initially at Tier 2 with a $2,000 spending limit, but was automatically upgraded to a higher tier when charges crossed the $1,000 threshold during the attack. This increased his spending cap to between $20,000 and $100,000, allowing the massive bill to accumulate.

"Even though it was public, the link wasn't shared or indexed anywhere," Davies noted, highlighting that the service wasn't intentionally exposed. "By the time I got a budget alert the next morning, A$10,000 had already been charged to my credit card, now getting insufficient funds. I was still talking to Google support when A$15,000 more came through."

Multiple Similar Incidents Reported

Davies shared his experience on Reddit's r/googlecloud subreddit, where he discovered he wasn't alone. Several other users reported similar incidents, including one from Japan who received a $44,000 bill that ballooned to $128,000 even after they attempted to pause the API. Last month, another case emerged where an API thief racked up $82,314.44 in charges on an account that typically saw around $180 per month.

Systemic API Security Issues Identified

Cybersecurity firm Truffle Security has previously highlighted risks associated with Google Cloud's use of a single API key format. These API keys were historically used as project identifiers, but when the Gemini API is activated on any Google Cloud project, existing API keys automatically become Gemini credentials. This means anyone who can copy these keys can potentially rack up significant AI bills on the account.

Davies discovered that nine Google Cloud safety features that could have prevented this incident were turned off by default. This raises questions about Google's default security posture and whether sufficient warnings are provided to users about potential costs and vulnerabilities when deploying services.

Aftermath and Resolution

After several days of trying to reach human customer support, Davies confirmed that Google waived the charges, and his bank credited back the transactions that had already processed. However, the issue isn't fully resolved, as Davies has scheduled a meeting with Google managers to discuss the case.

This incident serves as a cautionary tale for cloud users about the potential financial risks of API exposure, particularly as AI services become more resource-intensive and expensive. It also highlights the need for better default security configurations and more robust spending controls in cloud platforms.

For developers using Google Cloud, this incident underscores the importance of:

  1. Regularly auditing published services and their API key usage
  2. Implementing stricter access controls on API endpoints
  3. Setting up more granular budget alerts and spending limits
  4. Considering using service accounts with limited permissions rather than project-level API keys
  5. Monitoring for unusual traffic patterns that might indicate abuse
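To make the last two items concrete, here is an added example (not code from the article or from Google) that scans request-log records for the abuse pattern the incident describes: a burst of calls from one source against a public service URL, followed by a spend estimate checked against a budget. The log lines are constructed sample data whose field names are modelled loosely on Cloud Run request-log JSON; the burst threshold, the per-request cost and the budget are assumed placeholder values, not Google's pricing or limits.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

BURST_THRESHOLD_PER_MINUTE = 100   # assumed alert threshold; tune per service
COST_PER_REQUEST_USD = 0.02        # placeholder, not Google's real pricing
BUDGET_USD = 7.0                   # the article's $7 budget figure


def make_sample_logs():
    """Constructed sample log lines shaped like Cloud Run request logs:
    a quiet baseline from varied addresses, then a two-minute burst from one address."""
    base = datetime(2025, 1, 1, 2, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(10):  # baseline: one request every five minutes, different clients
        lines.append(json.dumps({
            "timestamp": (base + timedelta(minutes=5 * i)).isoformat(),
            "httpRequest": {"remoteIp": f"203.0.113.{i}",
                            "requestUrl": "https://svc.example.run.app/generate",
                            "status": 200},
            "resource": {"labels": {"service_name": "ai-studio-app"}},
        }))
    burst_start = base + timedelta(minutes=60)
    for i in range(600):  # burst: 600 requests in 120 seconds from a single client
        lines.append(json.dumps({
            "timestamp": (burst_start + timedelta(milliseconds=200 * i)).isoformat(),
            "httpRequest": {"remoteIp": "198.51.100.7",
                            "requestUrl": "https://svc.example.run.app/generate",
                            "status": 200},
            "resource": {"labels": {"service_name": "ai-studio-app"}},
        }))
    return lines


def parse_entries(lines):
    """Pull out the fields the detector needs from each JSON log line."""
    entries = []
    for line in lines:
        rec = json.loads(line)
        entries.append({
            "ts": datetime.fromisoformat(rec["timestamp"]),
            "ip": rec["httpRequest"]["remoteIp"],
            "status": rec["httpRequest"]["status"],
            "service": rec["resource"]["labels"]["service_name"],
        })
    return entries


def find_bursts(entries, threshold=BURST_THRESHOLD_PER_MINUTE):
    """Bucket requests per minute and report minutes above the threshold,
    together with the dominant source address and its share of the traffic."""
    per_minute = defaultdict(Counter)
    for e in entries:
        bucket = e["ts"].replace(second=0, microsecond=0)
        per_minute[bucket][e["ip"]] += 1
    bursts = []
    for bucket in sorted(per_minute):
        total = sum(per_minute[bucket].values())
        if total > threshold:
            top_ip, top_n = per_minute[bucket].most_common(1)[0]
            bursts.append({"minute": bucket.isoformat(), "requests": total,
                           "top_ip": top_ip, "top_ip_share": top_n / total})
    return bursts


def estimate_spend(entries, cost_per_request=COST_PER_REQUEST_USD, budget=BUDGET_USD):
    """Count successful (billable) requests and compare the estimated cost to the budget."""
    billable = sum(1 for e in entries if 200 <= e["status"] < 300)
    total = billable * cost_per_request
    return {"billable_requests": billable, "estimated_usd": round(total, 2),
            "over_budget": total > budget}


if __name__ == "__main__":
    entries = parse_entries(make_sample_logs())
    for b in find_bursts(entries):
        print(f"burst at {b['minute']}: {b['requests']} requests, "
              f"{b['top_ip']} sent {b['top_ip_share']:.0%}")
    print(estimate_spend(entries))
```

The point of the two checks is that they fire on different signals: the burst detector needs only request counts, so it can raise an alert minutes into an attack, while the spend estimate is the same arithmetic a budget alert performs and, as the incident shows, arrives only after the money is spent. A single source address accounting for nearly all of a minute's traffic is the feature worth alerting on for a service that was never meant to be public.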

As AI adoption continues to accelerate, incidents like this are likely to become more common unless cloud providers implement more secure-by-default configurations for API management and billing controls.
