A Firebase project experienced a €54k Gemini API billing spike in 13 hours after enabling Firebase AI Logic with an unrestricted browser API key. Automated requests exploited the exposed credentials overnight; alerts triggered too late. Google Cloud support confirmed valid charges and denied billing adjustment despite the anomalous pattern.
Infrastructure
€54k spike in 13h from unrestricted Firebase browser key accessing Gemini APIs
Unrestricted Firebase browser key exposed to automated exploitation, racking up €54k in Gemini API charges in 13 hours with Google Cloud support refusing refund.
Thursday, April 16, 2026 12:00 PM UTC2 MIN READSOURCE: Hacker NewsBY sys://pipeline
Tags
infrastructure