Google reimburses Register sources who were victims of API fraud
Briefly

"Two of the Google Cloud developers who were hit with bills for thousands of dollars following unauthorized API calls to Gemini models have had their bills reversed, the users told The Register in recent days. But Google plans to continue automatically expanding users' spending limits, leaving them and countless other customers vulnerable to bills they cannot afford, whether from fraud or a sudden traffic surge."
"Australia-based developer Isuru Fonseka - whose usage bill skyrocketed to $17,000 in minutes after Google automatically upgraded his $250 spending tier when a hacker took control of his account - told us that he was happy to put this behind him. "It's so good. It felt like they were just giving me the run around until your article. I just hope they fix it properly for everyone," he said. "It's great that the article was able to get the refund but it's sad that it had to go to that level for them to process it urgently.""
"Despite refunding his money, Google seems to have lost a customer. Fonseka said that he has since ensured his API cannot be used with Google's stable of AI products, and will likely try one of the independent foundation models if he needs those features. "I've disabled Gemini on everything - if I ever plan to use AI on my projects, I'm better off using it via a different service such as OpenRouter or going directly to one of the other LLM providers - just as a way to keep Gemini out of my account and the risk as low as possible," he said."
"Fonseka said he was blindsided by a Google policy that allowed the company to automatically upgrade a user's billing tier without permission or adequate warning. He had thought by signing up for a user tier with a $250 spending cap that his bills would be restricted to that amount. It was only after attackers exploited his API key that he learned Google would upgrade the cap automatically based on his history of spending."
Two Google Cloud developers reported that refunds were issued after unauthorized API calls to Gemini models caused thousands of dollars in charges. One developer’s bill rose to about $17,000 within minutes after an attacker took control of his account and Google automatically increased his spending tier from $250. The developer said the refund resolved the immediate issue but expressed concern that it required external pressure to be processed quickly. After receiving the refund, he disabled Gemini access to reduce future risk and planned to use alternative services or other model providers. He criticized a policy that allows automatic billing-tier upgrades without adequate warning, which undermined the expectation of a fixed spending cap.
Read at theregister