Jesse Davies, a developer who has built more than 120 applications on Google AI Studio, says he regularly monitors Google’s changelog, follows livestreams of new features, sets API keys for each project, and enables two-factor authentication wherever possible. In April 2026, he set a budget alert at 10 AUD (about 200,000 VND) and expected to be notified if spending exceeded that level.
The morning after the incident began overnight, Davies found a Google Cloud invoice totaling 25,672.86 AUD (nearly 500,000,000 VND), roughly 2,500 times his budget alert. During the night, Google's systems logged about 60,000 unauthorized requests to his APIs, including Gemini Pro Image. The investigation initially pointed to an API key Davies could not identify.
Davies says he had constrained spending to 10 AUD, but woke to a bill above 25,000 AUD. He reports that the project contained five valid API keys, yet the key used by the attacker was not among them. After a week of investigation, Davies concluded the incident was not caused by traditional API key theft.
He says the real cause traced back to a Cloud Run service he published from AI Studio a few months earlier. When he pressed Publish in AI Studio, Google automatically deployed the app in public mode, disabled IAM invoker authentication, and stored the API key in plaintext in the container’s environment variable. Davies says someone found the public URL and sent thousands of requests, even though he states the link was not shared or indexed.
Davies describes the "cruel twist" as a billing and authorization mechanism: because Google Cloud signed each request on his behalf using the API key stored in the container, the traffic was accepted and billed as his own usage. He characterizes the event as a consequence of overly permissive default settings rather than a conventional hack.
Davies provided a sequence of charges that began at 10:00 PM and continued through the early morning. Google billed 100 AUD at 10:00 PM, 200 AUD at 10:35 PM, 500 AUD at 10:51 PM, and 1,000 AUD at 11:02 PM. ANZ Bank began declining 2,000 USD, 4,000 AUD, and 6,000 AUD, but accepted 8,000 AUD at 2:32 AM, which Davies says wiped out the remaining balance.
When a subsequent 10,000 AUD charge was declined for insufficient funds, Davies received an email at 9:30 AM stating: “Exceeded 150% of your budget 10 AUD.” He says the dashboard then showed 3,010 AUD and the amount continued to rise.
When Davies contacted support, he says an AI bot could only see a system balance of 13 cents and did not understand the issue. After escalation to a human agent, Davies was advised to turn off billing, which he did.
Davies says turning off billing erased logs of what happened. He was then asked to prove the account had been hacked. During the call, Davies checked rate-limit data and saw thousands of requests still arriving per minute.
He reports that Google’s response was: “That’s what happens when you use our service. Your usage has increased.” Davies says the situation only escalated after he asked why he would spam his own API and requested help. Five minutes later, his account was suspended, and he says the remaining logs and evidence were erased.
Davies later identified another technical factor: his account had been automatically upgraded to a higher tier without notification. He says Google’s public documentation indicates that moving tiers costs 1,000 AUD, but Google’s explanation—“long-time customer”—was not reflected in the official policy he reviewed.
He reports that when the tier advanced to Tier 3, the spending cap increased to 20,000–100,000 AUD and the rate limit opened to the maximum. Davies says this is why the attacker could send 1,000 requests per minute without being blocked.
After a week in which Davies says 32 Google staff reviewed the case—along with three agents, six to seven managers, and numerous ignored emails—he received confirmation that the 25,672.86 AUD debt was forgiven in full. He says the 9,800 AUD Google had split into five payments was also refunded.
Even so, Davies says he still had to cancel his credit card because the automatic invoices were reversed, which had direct consequences for him. He also says he has unresolved questions, including where the "mysterious" API key came from, whether it was actually disabled, which traffic came from which IP addresses, and what the error code A85517270361182653 appearing in the subject lines of every email means.
Davies argues that the underlying issues were not new, but tied to Google Cloud default settings: API keys without IP or referrer restrictions, no monthly spending limit, Cloud Run deployed from AI Studio with public mode by default, no automated anomaly detection, and billing tiers increasing automatically when spending thresholds are exceeded.
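The configuration problems described in this paragraph and in the account of the AI Studio deployment (a public Cloud Run service with IAM invoker authentication disabled and an API key stored in a plaintext environment variable) can be checked for mechanically. The following audit script is an added example, not code from the article or from Google: it reads the JSON shapes that `gcloud run services describe --format=json` and `gcloud run services get-iam-policy --format=json` produce and reports an `allUsers` invoker binding, unrestricted ingress, and credential-looking literal env values, while accepting values that come from a Secret Manager `secretKeyRef`. The two sample services and policies embedded below are constructed for the example (the `PROJECT_ID` and `REGION` strings and the service-account name are placeholders, and the `AIza` key value is a dummy built from the well-known prefix), and the "weak" sample is meant to resemble the deployment the article describes, not to reproduce it.

```python
"""Audit a Cloud Run service description and its IAM policy for permissive
defaults: a public (allUsers) invoker binding, unrestricted ingress, and API
keys stored as plaintext env values instead of Secret Manager references.

Input shapes mirror `gcloud run services describe --format=json` and
`gcloud run services get-iam-policy --format=json`. All sample documents in
this file are constructed for the example."""
import re
from dataclasses import dataclass

# Env var names that usually hold credentials.
SECRET_NAME_HINT = re.compile(r"api[_-]?key|secret|token|password|credential", re.I)
# Google API keys carry the well-known "AIza" prefix and are 39 characters long.
GOOGLE_API_KEY_VALUE = re.compile(r"^AIza[0-9A-Za-z_-]{35}$")
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
INGRESS_ANNOTATION = "run.googleapis.com/ingress"


@dataclass(frozen=True)
class Finding:
    severity: str
    check: str
    detail: str


def audit_invoker_policy(policy: dict) -> list[Finding]:
    """Flag roles/run.invoker bindings that let anyone on the internet call the service."""
    findings = []
    for binding in policy.get("bindings", []):
        if binding.get("role") != "roles/run.invoker":
            continue
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(Finding(
                    "HIGH", "public-invoker",
                    f"{member} holds roles/run.invoker; remove the binding or "
                    "redeploy with --no-allow-unauthenticated"))
    return findings


def audit_ingress(service: dict) -> list[Finding]:
    """Cloud Run treats a missing ingress annotation as 'all' (public URL reachable)."""
    annotations = service.get("metadata", {}).get("annotations", {})
    if annotations.get(INGRESS_ANNOTATION, "all") == "all":
        return [Finding("MEDIUM", "open-ingress",
                        "ingress is 'all'; use 'internal' or "
                        "'internal-and-cloud-load-balancing' if a public URL is not needed")]
    return []


def audit_env(service: dict) -> list[Finding]:
    """Flag literal env values that look like credentials; valueFrom.secretKeyRef is fine."""
    findings = []
    containers = service.get("spec", {}).get("template", {}).get("spec", {}).get("containers", [])
    for container in containers:
        for env in container.get("env", []):
            name, value = env.get("name", ""), env.get("value")
            if value is None:  # supplied via valueFrom (Secret Manager), not plaintext
                continue
            if GOOGLE_API_KEY_VALUE.match(value) or SECRET_NAME_HINT.search(name):
                findings.append(Finding(
                    "HIGH", "plaintext-secret",
                    f"{name} is a literal env value; move it to Secret Manager "
                    "(gcloud run services update --set-secrets=...)"))
    return findings


def audit_service(service: dict, policy: dict) -> list[Finding]:
    return audit_invoker_policy(policy) + audit_ingress(service) + audit_env(service)


# Constructed sample: a "publish and forget" deployment with the permissive defaults.
WEAK_SERVICE = {
    "metadata": {"name": "image-app", "annotations": {}},
    "spec": {"template": {"spec": {"containers": [{
        "image": "REGION-docker.pkg.dev/PROJECT_ID/repo/image-app",
        "env": [{"name": "GEMINI_API_KEY", "value": "AIzaSyEXAMPLE" + "0" * 26}],  # dummy key
    }]}}},
}
WEAK_POLICY = {"bindings": [{"role": "roles/run.invoker", "members": ["allUsers"]}]}

# Constructed sample: the same service after hardening.
HARDENED_SERVICE = {
    "metadata": {"name": "image-app",
                 "annotations": {INGRESS_ANNOTATION: "internal-and-cloud-load-balancing"}},
    "spec": {"template": {"spec": {"containers": [{
        "image": "REGION-docker.pkg.dev/PROJECT_ID/repo/image-app",
        "env": [{"name": "GEMINI_API_KEY",
                 "valueFrom": {"secretKeyRef": {"name": "gemini-api-key", "key": "latest"}}}],
    }]}}},
}
HARDENED_POLICY = {"bindings": [{
    "role": "roles/run.invoker",
    "members": ["serviceAccount:frontend@PROJECT_ID.iam.gserviceaccount.com"],  # placeholder
}]}


def audit_samples() -> dict[str, list[Finding]]:
    return {"weak": audit_service(WEAK_SERVICE, WEAK_POLICY),
            "hardened": audit_service(HARDENED_SERVICE, HARDENED_POLICY)}


if __name__ == "__main__":
    for label, findings in audit_samples().items():
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  [{f.severity}] {f.check}: {f.detail}")
```

To run it against a real project, load the output of `gcloud run services describe SERVICE --region REGION --format=json` and `gcloud run services get-iam-policy SERVICE --region REGION --format=json` with `json.load` and pass the two documents to `audit_service`. The script only detects the conditions; a budget alert such as the 10 AUD one in the article notifies but does not stop spending, so the findings it raises (removing the `allUsers` binding, restricting ingress, moving keys into Secret Manager) are where the exposure is actually closed.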
He says he followed proper steps, but the default configuration turned an ordinary night into a financial crisis, and he notes similar incidents can occur to other developers.
Source: Nguyen Hai