Pulse of Truth

2329 readers

142 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth@infosec.pub

Dev stunned by $82K Gemini bill after unknown API key thief goes to town (www.theregister.com)

submitted 2 days ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub

3 comments fedilink hide all child comments

Probably not an isolated incident only as researchers have already found 2,863 live API keys exposed A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked massive usage costs up in just 48 hours.…

top 3 comments

sorted by: hot top controversial new old

[–] Bazell@lemmy.zip 8 points 2 days ago* (last edited 2 days ago) (1 children)

Cybersecurity is on top level. Not only haven't they secured their key, they even haven't set the software to alert of sudden spikes in API activity for this key in their environment, assuming, that it took 2 days for them to notice such enormous spendings.

[–] HairyHarry@lemmy.world 7 points 2 days ago

They also apparently didn't set a limit.

[–] FiniteBanjo@feddit.online 7 points 2 days ago

I expect such cases will continue to be more common as slop code worms its way into the market.