Mastodawn

【こわい】Google APIキーの脆弱性により13時間で約900万円請求される事案が発生！ Firebase×Geminiで今すぐやるべきセキュリティ対策
https://qiita.com/miruky/items/fde2d0747358cd7870d7?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #AWS #Security #Firebase #Gemini #GoogleCloud

【こわい】Google APIキーの脆弱性により13時間で約900万円請求される事案が発生！ Firebase×Geminiで今すぐやるべきセキュリティ対策 - Qiita

はじめにこんばんは、mirukyです。この画像を見てください。この画像の通り、「FirebaseサービスのAPIキーは非公開ではない」と、Firebaseの公式ドキュメントには書かれています。説明の必要は無いかもしれませんが、FirebaseとはGoogle...

Qiita

GripNews 2d ago

🌕 僅 13 小時帳單暴增 5.4 萬歐元：Firebase 瀏覽器 API 金鑰未設限制遭 Gemini 濫用
➤ 當「公開」API 金鑰成為毀滅性漏洞：開發者不可忽視的成本教訓
✤ https://discuss.ai.google.dev/t/unexpected-54k-billing-spike-in-13-hours-firebase-browser-key-without-api-restrictions-used-for-gemini-requests/140262
本文揭露了一起驚人的雲端帳單災難。一名開發者在啟用 Firebase AI Logic 功能後，因該專案既有的瀏覽器 API 金鑰未設定權限限制，導致遭到外部自動化程式惡意濫用，短短 13 小時內產生了超過 5.4 萬歐元的 Gemini API 帳單。儘管開發者向 Google Cloud 申訴，但因流量認定為從其專案發出，費用最終仍無法減免。此案例警示開發者，即便過去被認為「非機密」的瀏覽器金鑰，在整合 AI 服務後已成為高
#Google Cloud #Firebase #資安事件 #API 管理

Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests

Hello, We are looking for guidance regarding an unexpected €54,000+ Gemini API charge that occurred within a few hours after enabling Firebase AI Logic on an existing Firebase project. Background: We created the project over a year ago and initially used it only for Firebase Authentication. Recently, we added a simple AI feature (generating a web snippet from a text prompt) and enabled Firebase AI Logic. What happened: Shortly after enabling this, we experienced a sudden and extreme spike i...

Google AI Developers Forum

Hacker News 2d ago

€54k spike in 13h from unrestricted Firebase browser key accessing Gemini APIs

https://discuss.ai.google.dev/t/unexpected-54k-billing-spike-in-13-hours-firebase-browser-key-without-api-restrictions-used-for-gemini-requests/140262

#HackerNews #Firebase #Gemini #APIs #billing #spike #browser #key #security

Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests

Hello, We are looking for guidance regarding an unexpected €54,000+ Gemini API charge that occurred within a few hours after enabling Firebase AI Logic on an existing Firebase project. Background: We created the project over a year ago and initially used it only for Firebase Authentication. Recently, we added a simple AI feature (generating a web snippet from a text prompt) and enabled Firebase AI Logic. What happened: Shortly after enabling this, we experienced a sudden and extreme spike i...

Google AI Developers Forum