Google API Keys Remain Usable for 23 Minutes After Deletion
Deleting a Google API key doesn't mean it's immediately useless to hackers - in fact, our experiments show it can remain active for up to 23 minutes, allowing attackers to continue misusing it even after you've tried to revoke access.
#CloudSecurity #ApiKeyManagement #CredentialMisuse #EmergingThreats #GoogleApiKeys
Warnung zu #GoogleApiKeys - #Gemini for free 🤯
Ich bekomme von der #GMDS gerade eine Warnung, dass Google API Keys (z.B. für Google Maps auf Webseiten) oft im Quellcode (HTML-Datei) im Klartext gespeichert werden. Damit lassen sich aber auch kostenpflichtige Dienste wie #Gemini nutzen, was dann dem Inhaber der API-Keys in Rechnung gestellt wird. Also Obacht !
To search for Google API keys recursively in the current folder and its sub-folders with ripgrep:
rg 'AIza[0-9A-Za-z\-_]{35}' -o
Also shared on Shodan Snippets:
https://snippets.shodan.io/c/FHw2r7wWIFmjVAfG
#Security #OneLiner #Google #GoogleAPIKeys #APIkeys #ripgrep #Regex #BugBounty #Snippet
Retroactively changing the role of a token or key is a very bad idea.
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules
Google API Keys Weren't Secrets. But Then Gemini Changed the Rules
https://simonwillison.net/2026/Feb/26/google-api-keys/
#HackerNews #GoogleAPIKeys #Gemini #Changes #TechNews #SecurityUpdates
Google API keys weren't secrets, but then Gemini changed the rules
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules
#HackerNews #GoogleAPIKeys #GeminiRules #SecurityTech #DeveloperNews
Analyst207
DasMammut
SkypLabs
Harry Sintonen
Hacker News