Google Gemini API Key Theft Results in $82,314 Fraudulent Charges in 48 Hours
#Security

Chips Reporter
A software development business faces bankruptcy after a thief racked up $82,314 in Google Gemini API charges using stolen credentials, highlighting critical security gaps in cloud service billing protections.

A software development business is facing potential bankruptcy after a thief used stolen Google Gemini API credentials to generate over $82,000 in charges within just 48 hours, according to a Reddit post that has sparked intense discussion about cloud service security and billing protections.

The Scale of the Incident

The victim, Redditor RatonVaquero, operates a small Mexican development firm with three developers. Their typical monthly spending on Gemini AI services averages $180, making the $82,314.44 charge in two days a staggering 455-fold increase in usage.

"I am writing this post in a state of shock and panic," RatonVaquero stated on Reddit. "A thief has been using the account to generate oodles of Gemini 3 Pro Images and Texts."

Security Measures Already Taken

In response to the breach, the affected company has implemented multiple security measures:

  • Deleted the compromised API key
  • Disabled Gemini APIs entirely
  • Rotated all credentials
  • Enabled two-factor authentication across all systems
  • Locked down Identity and Access Management (IAM)
  • Opened an official support case with Google

Google's Initial Response

Initial feedback from Google representatives suggests the company may hold the victim responsible for the charges. The "don't be evil" company appears to be citing its Shared Responsibility Model for cloud services, which places certain security obligations on customers.

"From the Redditor's discussion of their correspondence with Google so far, it looks like the 'don't be evil' company is going to repeatedly cite its 'Shared Responsibility Model' for cloud services accounts," the report notes.

The Security Debate

The incident has sparked debate about whether Google bears some responsibility. Several Redditors pointed out that the stolen API key might have been accessible due to Google's own API key secrecy rule changes.

Calls for Basic Guardrails

RatonVaquero argues that Google lacks "basic guardrails for catastrophic usage anomalies." The victim's company is calling for several protective features:

  • Temporarily freezing services pending review during unusual activity spikes
  • Implementation of per-API spending caps
  • Better anomaly detection for extreme usage patterns

Current Protection Options

An analysis of Google's existing protection mechanisms reveals a tiered approach:

Personal/Consumer Gemini Users:

  • Flat monthly fees
  • Usage caps prevent unexpected charges

Developer/Business Google AI Studio Users:

  • Can set quotas limiting requests per day or per minute

Google Cloud (Vertex AI) Users:

  • Can set budget alerts that notify them when spending reaches set dollar amounts
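The guardrails RatonVaquero asks for (freezing on a usage spike, a per-API spending cap) and the quota and budget-alert controls listed above can be combined into one billing guard. The following is an added illustration, not Google's code or any real API's behaviour: a hypothetical `BillingGuard` that bills each request, compares the running hourly spend against a baseline constructed from the article's $180/month figure, enforces a hard cap, and freezes the key when either rule trips. The `simulate` function replays constructed traffic: a day of normal use followed by a stolen-key burst.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed from the article's figures: about $180/month of normal Gemini spend,
# i.e. roughly $0.25 per hour of baseline usage for the firm.
BASELINE_MONTHLY_USD = 180.0
BASELINE_HOURLY_USD = BASELINE_MONTHLY_USD / (30 * 24)


@dataclass
class BillingGuard:
    """Hypothetical per-API guard: hard spend cap plus hourly spike detection; either freezes the key."""
    spend_cap_usd: float                    # hard cap for the billing period
    spike_factor: float = 20.0              # hourly spend above N x baseline is anomalous
    frozen: bool = False
    spent_usd: float = 0.0
    refused: int = 0
    hourly_usd: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def record(self, ts: datetime, cost_usd: float) -> bool:
        """Bill one request; return False if refused because the API is frozen.
        The request that trips a rule is still billed, as it would be in practice."""
        if self.frozen:
            self.refused += 1
            return False
        self.spent_usd += cost_usd
        hour = ts.replace(minute=0, second=0, microsecond=0)
        self.hourly_usd[hour] = self.hourly_usd.get(hour, 0.0) + cost_usd
        if self.hourly_usd[hour] > self.spike_factor * BASELINE_HOURLY_USD:
            self._freeze(f"spike: ${self.hourly_usd[hour]:.2f} in hour starting {hour:%Y-%m-%d %H:00}")
        if self.spent_usd > self.spend_cap_usd:
            self._freeze(f"cap: ${self.spent_usd:.2f} exceeds ${self.spend_cap_usd:.2f}")
        return True

    def _freeze(self, reason: str) -> None:
        self.frozen = True
        self.alerts.append(reason)


def simulate(attack_cost_usd: float, attack_requests: int, interval_s: int) -> BillingGuard:
    """Constructed traffic: one day of normal use (two $0.10 calls per hour), then a stolen-key attack."""
    guard = BillingGuard(spend_cap_usd=2 * BASELINE_MONTHLY_USD)   # cap at twice a normal month
    t0 = datetime(2025, 1, 1)
    for h in range(24):
        for m in (5, 35):
            guard.record(t0 + timedelta(hours=h, minutes=m), 0.10)
    t_attack = t0 + timedelta(hours=24)
    for i in range(attack_requests):
        guard.record(t_attack + timedelta(seconds=i * interval_s), attack_cost_usd)
    return guard
```

A fast image-generation burst trips the spike rule within two requests, while a slow drain that stays under the hourly threshold is eventually stopped by the cap; an alert that only notifies would stop neither before the bill arrives.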

The Path Forward

The affected company plans to continue discussions with Google representatives and has filed a cybercrime report with the FBI. RatonVaquero hopes to present usage logs showing the extreme spike and to request "goodwill credits" as the victim of a cybersecurity incident.

"It is Kafkaesque, but usually a bit of stubborn persistence can help get your case seen by the right people for a more favorable outcome," the report suggests.

Industry Implications

This incident highlights a critical gap in cloud service security: while authentication and access controls are well-established, billing protection mechanisms for extreme usage scenarios remain underdeveloped. As AI services become more expensive and powerful, the potential for catastrophic financial damage from compromised credentials increases proportionally.

The case raises questions about the balance between customer responsibility and platform protection, particularly when usage patterns deviate so dramatically from normal behavior. With AI API costs potentially running into tens of thousands of dollars for heavy usage, the stakes for both providers and customers continue to rise.

For now, RatonVaquero's company faces an uncertain future, hoping that Google will show flexibility in what could become a landmark case for cloud service billing disputes and security responsibility.
