Threat hunters find Google API keys still usable 23 minutes after deletion

You know your Google API key has leaked so you rush to disable it before bad actors can start running up charges on your account. Bad news: According to security researchers at Aikido, people can use ...
Dark Reading

Google API Keys Remain Active After Deletion

Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, ...
Bleeping Computer

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such ...
Infosecurity-magazine.com

Google API Keys Quietly Gain Access to Gemini on Android Devices

A flaw in Google's API key system has reportedly exposed mobile applications to unintended access to its Gemini AI platform. According to a CloudSEK advisory published on April 8, the issue affects ...
InfoWorld

‘Silent’ Google API key change exposed Gemini AI data

Google Cloud API keys, normally used as simple billing identifiers for APIs such as Maps or YouTube, could be scraped from websites to give access to private Gemini AI project data, researchers from ...
GIGAZINE

Researchers have confirmed that leaked Google API keys may remain usable for approximately 23 minutes after deletion.

API keys are authentication credentials that apps and services use to access APIs such as Google Cloud, and if they are leaked, they can be misused by third parties. Typically, when developers notice ...