Developer burned €54k in 13 hours via exposed Firebase key to Gemini API

Hacker News·1mo·zanbezi

A maker left an unrestricted Firebase browser key public, which attackers used to hammer Google's Gemini API, generating a massive bill in just over half a day. It's a sharp reminder that browser keys need API restrictions and quota limits, not just secret key rotation—especially when pointing at costly LLM endpoints.
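A check for the misconfiguration described above, as an added example that is not part of the original story: it audits API key metadata in the shape returned by `gcloud services api-keys list --format=json` and flags keys with no API restrictions, keys that allow the Gemini API, and keys with no application restriction. The sample keys and project number are constructed, and `audit_key` and `audit` are hypothetical helper names.

```python
import json

# Service name of the Gemini (Generative Language) API on Google Cloud.
GEMINI_SERVICE = "generativelanguage.googleapis.com"
APP_RESTRICTIONS = ("browserKeyRestrictions", "serverKeyRestrictions",
                    "androidKeyRestrictions", "iosKeyRestrictions")

# Constructed sample, shaped like `gcloud services api-keys list --format=json`.
SAMPLE_KEYS = json.loads("""[
  {"displayName": "Browser key (auto created by Firebase)",
   "name": "projects/000000000000/locations/global/keys/example-1"},
  {"displayName": "web-restricted",
   "name": "projects/000000000000/locations/global/keys/example-2",
   "restrictions": {
     "browserKeyRestrictions": {"allowedReferrers": ["https://app.example.com/*"]},
     "apiTargets": [{"service": "identitytoolkit.googleapis.com"},
                    {"service": "firestore.googleapis.com"}]}},
  {"displayName": "web-with-gemini",
   "name": "projects/000000000000/locations/global/keys/example-3",
   "restrictions": {
     "browserKeyRestrictions": {"allowedReferrers": ["https://app.example.com/*"]},
     "apiTargets": [{"service": "generativelanguage.googleapis.com"}]}}
]""")


def audit_key(key):
    """Return a list of findings for one API key record (empty if none)."""
    findings = []
    restrictions = key.get("restrictions") or {}
    targets = [t.get("service", "") for t in restrictions.get("apiTargets", [])]
    if not targets:
        findings.append("no API restrictions: usable with every API enabled in the project")
    elif GEMINI_SERVICE in targets:
        findings.append("allows the Gemini API: a key shipped to clients can run up LLM charges")
    if not any(restrictions.get(field) for field in APP_RESTRICTIONS):
        findings.append("no application restriction (referrer, IP, Android or iOS app)")
    return findings


def audit(keys):
    """Map displayName -> findings for every key that has at least one."""
    report = {key["displayName"]: audit_key(key) for key in keys}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_KEYS).items():
        print(name, "->", "; ".join(found))
```

Quota limits and budget alerts are not part of the key record, so they have to be reviewed separately from this check.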
