
Developer burned €54k in 13 hours via exposed Firebase key to Gemini API
Hacker News·2mo·zanbezi
A maker left an unrestricted Firebase browser key public, which attackers used to hammer Google's Gemini API, generating a massive bill in just over half a day. It's a sharp reminder that browser keys need API restrictions and quota limits, not just secret key rotation—especially when pointing at costly LLM endpoints.
Original story
Read the original on Hacker NewsRelated stories
AI
HYVE Ether OS goes on pre-sale: a $499 sovereign AI operating system you actually ownVibe Software Solutions·1mo·Anthony S. Owens
Devtools
Cloudflare's Turnstile CAPTCHA leaks fingerprinting data via WebGLHacker News·1mo·HypnoticOcelot
