
How a Google API Key Became an $8,000 AI Bill, Meta Scam Ads Lawsuit, and 73-Second Cyber Attacks

5/15/2026 · 10 min

Google Cloud customers are reporting shocking surprise bills after compromised or misused API keys were allegedly used to access expensive Gemini AI services. In one case, Rod Dinan says his monthly Google Cloud costs jumped from under $50 to nearly $8,000. Sydney developer Isuru Fonseka says he was hit despite setting spending controls, raising broader questions about API key security, client-side exposure, billing alerts, and how quickly attackers can exploit AI infrastructure.

Cybersecurity Today also covers prosecutors' allegations that two fired brothers sabotaged systems tied to government-related work after access wasn't revoked quickly enough, Santa Clara County's civil lawsuit accusing Meta of profiting from scam ads on Facebook and Instagram, and Horizon3.ai's warning that attackers can exploit newly exposed systems in as little as 73 seconds while many organisations still take 24 hours or longer to respond.

If your organisation uses APIs, AI services, cloud billing controls, or internet-facing infrastructure, this episode matters.

#Cybersecurity #GoogleCloud #GeminiAI #APIKeys #CloudSecurity #Meta #ScamAds #CyberAttack #CybersecurityToday #AIsecurity

CHAPTERS

00:00 Google Cloud API Key Bill Shock
01:20 Real-World Victims: Surprise AI Charges
02:24 Why Spending Caps Didn't Stop the Damage
03:38 The Enterprise Cloud Security Risk
04:19 Fired Employees and Alleged Insider Sabotage
04:55 The Database Destruction Timeline
06:34 What This Incident Teaches Security Teams
07:10 Santa Clara County Sues Meta Over Scam Ads
08:46 Attackers Can Strike in 73 Seconds
10:14 Closing and Next Episode

Transcript preview

First 90 seconds
  1. Jim Love · Host · 0:00

    Google Cloud customers hit with massive AI API fraud bills. Fired IT worker allegedly wipes ninety-six government databases in a revenge attack. Meta faces fresh lawsuits over scam ads as legal pressures build. And attackers broke in within seventy-three seconds, defenders needed twenty-four hours. This is Cybersecurity Today. I'm your host, Jim Love. Google Cloud customers are discovering that a compromised API key can turn a modest development bill into a financial nightmare, with unauthorized charges climbing into the thousands of dollars in minutes. The issue appears to involve exposed or misused Google API keys, the credentials apps used to access cloud services. Google says this is an industry-wide security problem and urges customers to use stronger protections, including multi-factor authentication, regular API key audits, and never exposing credentials in public code repositories. Good luck on that one. But developers and security researchers argue the picture is more complicated. Some say thousands of applications are configured according to Google's own documentation, which in some cases requires API keys to be used in public-facing client applications. According to The Register, who broke the story, attackers also appear to be taking API keys originally intended for relatively inexpensive services like Google Maps
