3/30/2026 at 7:24:53 PM
by tertervat
3/30/2026 at 9:39:55 PM
This is interesting but the linked articles is even more interesting.https://trufflesecurity.com/blog/google-api-keys-werent-secr...
> Even Google themselves had old public API keys, which they thought were non-sensitive, that we could use to access Google’s internal Gemini.
This is just a classic slow clap here for Cloud.
by kingstnap
3/30/2026 at 9:53:30 PM
Some more discussion: https://news.ycombinator.com/item?id=47156925by ChrisArchitect
3/30/2026 at 9:33:07 PM
Is there an easy way to know if I'm vulnerable to this? Like some dashboard page that lists all the API keys with "revoke" buttons?I did something or another with a google API years ago, and am not looking forward to a random surprise bill. They don't have my credit card, so maybe that'd solve the problem. On the other hand, they could hold a gmail account hostage.
by hedora
3/30/2026 at 11:01:02 PM
You should definitely log in to Google Cloud Console and roll all the keys you see in there if you're unsure. I just did the same thing after I realized I had a lot of surface area with these keys.by drewnick
3/30/2026 at 9:22:16 PM
I really hope that one effect of ai code generators making code cheaper to write is that the calculus around "accept vendor lock in return for getting up and running faster" changes dramaticallyby zem
3/31/2026 at 5:41:03 AM
[dead]by thestack_ai
3/30/2026 at 8:46:41 PM
[dead]by cumshitpiss
3/30/2026 at 7:51:43 PM
[dead]by opsdu