A thief armed with a stolen Gemini API key racks up $82,314 in charges in just two days, leaving the victim 'confronting insolvency'; impacted developers demand basic protections against 'disastrous consumption irregularities'

Google Gemini
(Image credit: Google Gemini)

A Google Gemini user has taken to Reddit “in a state of shock and panic” over the most recent bill received by their software development business. Redditor RatonVaquero’s company typically spends $180 per month on Gemini AI services. However, in just 48 hours last month, their account “generated $82,314.44 in charges.” A thief had been using the account to generate huge volumes of Gemini 3 Pro image and text output. If Google doesn’t back off concerning these substantial costs from the alleged “stolen Gemini API key,” it will bankrupt the firm.

Regrettably, only after the damage was done, RatonVaquero has now “Removed the breached key, Deactivated Gemini APIs, Refreshed credentials, Activated 2FA universally, Tightened IAM, [and] Initiated a support case.” On that last point, initial feedback from the Google rep they contacted indicates that the charges will probably stick.

Curiously, however, several Redditors also suggest that the compromised API key(s) may have been easy to expose, and lay the blame on Google for reversing its API key confidentiality policies.


Pleading for some ‘leniency,’ RatonVaquero, one of three developers at the impacted Mexican software house, laments that Google lacks “basic guardrails for catastrophic usage anomalies.” The swing in usage, from a typical $180 per month to $82,000+ within 48 hours, certainly looks like the kind of surge an automated check should catch. RatonVaquero also says there should be features such as temporarily freezing services pending review, and per-API spending caps.

A look into this overcharging issue indicates that personal/consumer Gemini customers can’t accidentally spend more than their flat monthly fee; instead, they have usage caps. Moving up a tier, Dev/Business Google AI Studio users can set quotas (limiting the number of requests per day or per minute). Meanwhile, Google Cloud (Vertex AI) users can set budget alerts to notify them when spend reaches a certain dollar amount. Note the gap: quotas limit request counts rather than dollars, and a budget alert only notifies; neither automatically stops a runaway key.

RatonVaquero says they will speak with a Google rep again soon, and have filed a cybercrime report with the FBI. For now they are essentially hoping for a softening of big G’s stance. They may be able to share the logs of their unusual “455x spike” in usage, and ask for “goodwill credits” as victims of a cybersecurity incident. It is Kafkaesque, but a bit of stubborn persistence can usually help get a case in front of the right people for a more favorable outcome.

Mark Tyson
News Editor
  • hotaru251
    I feel bad they have to pay for another's actions; however, they should have always had security in place (at least 2FA), and it is a lesson they will never forget, as being a victim is a painfully deep lesson.
  • SomeoneElse23
    The "don't be evil" company hasn't honored that statement for a very long time.