Skip to content
The Nexus
SECURITYMay 21 · 20:23 UTCTHE REGISTER

Threat hunters find Google API keys still usable 23 minutes after deletion

Security researchers at Aikido discovered that Google API keys remain usable for up to 23 minutes after deletion, creating a significant vulnerability window for attackers. When combined with Google's automatic billing tier upgrades, compromised keys can lead to devastating financial charges as bad actors exploit Gemini and other services before the credentials are fully revoked across Google's infrastructure.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this