Unrestricted API key + AI Studio silently enabled Gemini — $14k bill for a small family-run Brazilian tire shop

Hello everyone,

I’m from Brazil and run a simple website for my family’s tire shop, hosted on Google Cloud since 2020. Our monthly bill was always around $44 USD. That changed overnight.

What happened:

  • In 2021 I created an unrestricted API key exclusively for Google Maps (used on our public site with Elementor).

  • In late 2025 I used AI Studio to build a small internal app for tire classification. AI Studio asked to enable the Gemini API — I approved. It did not warn me that this would give every unrestricted key in the project access to Gemini.

  • On June 10, 2026, within a single hour, our credit card was charged **$7,500** (and another $6,500 is pending). Over 600k Gemini API calls were made using that old 2021 key — an obvious exploit.

Key evidence that this is a platform‑side risk:

Just today I received the attached email from the Gemini API team. It states:

“API keys generated by Google AI Studio are restricted by default… A project that contains additional, unrestricted API keys can pose a risk… Possible impacts may include: Financial risk… Data exposure…”
And they’re now requiring all unrestricted keys to be restricted by June 19, 2026.

This is exactly what hit us: a silent permission inheritance that turned a Maps key into a Gemini key with no warning.

Additionally, a YouTube video from March 2026 (https://www.youtube.com/watch?v=z5wfFb33RtM) already exposed that the default Google Maps API setup leaves keys unrestricted and public. Google is only fully enforcing restrictions on June 19 — 9 days after my family’s card was drained.

I’ve already secured everything (rotated keys, applied restrictions), but the financial damage is done. We cannot afford to pay this bill. I opened billing case #72154838 and security incident #72156050 within hours, but the billing data took 10 hours to appear, and I only received an automated “suspicious activity” alert 2 hours after the attack.

I have filed a bank dispute as a precaution, but I truly want to resolve this amicably with Google. I’m asking for a full refund of the fraudulent Gemini charges, given that:

  1. AI Studio silently expanded the key’s permissions without clear consent.

  2. Google’s own Gemini team now acknowledges this unrestricted‑key risk as a financial danger.

  3. The vulnerability was publicly known for months before Google acted.

If anyone from the Google Cloud or AI Studio team sees this, please take a look at case #72154838 (billing) and #72156050 (security). I’ll share some screenshots translated to English below.

Thank you for any help or visibility you can give.

Best regards,
Lúcio
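The check a practitioner would want after reading this thread is a way to find, in their own project, every API key that has no API-target restriction (and so can call any API that becomes enabled in the project, Gemini included), and to produce the command that pins each one down. The Python below is an added example, not code from Lúcio's post or from Google. It parses a constructed sample shaped like the output of `gcloud services api-keys list --format=json` (API Keys v2 `Key` resources with `name`, `displayName`, `createTime` and `restrictions`); the key IDs, project number and display names are made up, and the exact field names, the `gcloud services api-keys update ... --api-target=service=...` command and the `maps-backend.googleapis.com` service name are assumptions to verify against the current gcloud reference.

```python
"""Audit Google Cloud API keys for missing API-target and application restrictions.

Added example; reads JSON shaped like `gcloud services api-keys list --format=json`.
Run it offline against the constructed sample below, or pipe real gcloud output
into audit_keys()/find_api_unrestricted().
"""
import json

# Constructed sample output. Key IDs, project number and names are made up;
# the field layout (API Keys v2 Key resource) is an assumption to verify.
SAMPLE_GCLOUD_OUTPUT = json.dumps([
    {   # referrer-restricted, but no API targets: valid for every enabled API
        "name": "projects/123456789012/locations/global/keys/11111111-aaaa-4bbb-8ccc-111111111111",
        "displayName": "Maps key (website, 2021)",
        "createTime": "2021-03-04T10:00:00Z",
        "restrictions": {
            "browserKeyRestrictions": {"allowedReferrers": ["https://example-tires.com.br/*"]}
        },
    },
    {   # fully unrestricted: no restrictions block at all
        "name": "projects/123456789012/locations/global/keys/22222222-aaaa-4bbb-8ccc-222222222222",
        "displayName": "Legacy key",
        "createTime": "2021-03-04T10:05:00Z",
    },
    {   # pinned to one service, but usable from any client
        "name": "projects/123456789012/locations/global/keys/33333333-aaaa-4bbb-8ccc-333333333333",
        "displayName": "Generated by Google AI Studio",
        "createTime": "2025-11-20T09:00:00Z",
        "restrictions": {"apiTargets": [{"service": "generativelanguage.googleapis.com"}]},
    },
])

# Application restriction types a key may carry (at most one applies per key).
APP_RESTRICTION_FIELDS = (
    "browserKeyRestrictions", "serverKeyRestrictions",
    "androidKeyRestrictions", "iosKeyRestrictions",
)


def key_id(resource_name: str) -> str:
    """Last path element of projects/.../keys/<id>."""
    return resource_name.rsplit("/", 1)[-1]


def classify_key(key: dict) -> dict:
    """Summarise one key: which services it is pinned to and which app restriction it has."""
    restrictions = key.get("restrictions") or {}
    api_targets = [t["service"] for t in restrictions.get("apiTargets", []) if t.get("service")]
    app_restriction = next((f for f in APP_RESTRICTION_FIELDS if f in restrictions), None)
    return {
        "id": key_id(key["name"]),
        "displayName": key.get("displayName", ""),
        "createTime": key.get("createTime", ""),
        "api_targets": api_targets,
        "app_restriction": app_restriction,
        # No API targets means the key works against every API enabled in the project,
        # including ones enabled later (the AI Studio / Gemini case in the post).
        "api_unrestricted": not api_targets,
        "app_unrestricted": app_restriction is None,
    }


def audit_keys(gcloud_json: str) -> list:
    return [classify_key(k) for k in json.loads(gcloud_json)]


def find_api_unrestricted(gcloud_json: str) -> list:
    """IDs of keys that can call any enabled API."""
    return [c["id"] for c in audit_keys(gcloud_json) if c["api_unrestricted"]]


def remediation_command(key_id_: str, services: list) -> str:
    """gcloud command (assumed syntax) that pins a key to the given services."""
    targets = " ".join(f"--api-target=service={s}" for s in services)
    return f"gcloud services api-keys update {key_id_} {targets}"


if __name__ == "__main__":
    for c in audit_keys(SAMPLE_GCLOUD_OUTPUT):
        flags = []
        if c["api_unrestricted"]:
            flags.append("NO API TARGETS")
        if c["app_unrestricted"]:
            flags.append("no application restriction")
        print(f"{c['id']}  {c['displayName']!r}  created {c['createTime']}  "
              f"targets={c['api_targets']}  {'; '.join(flags) or 'ok'}")
        if c["api_unrestricted"]:
            # Assumed service name for the Maps JavaScript API; adjust per key.
            print("   fix:", remediation_command(c["id"], ["maps-backend.googleapis.com"]))
```

A referrer restriction alone (the first sample key) is not enough: it limits where the key string is accepted from, not which APIs it is good for, so it is reported separately from a missing API target. Keys that served a long-lived public site, like the 2021 Maps key in the post, should be rotated as well as restricted, since the string has been visible in page source the whole time.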