Watch out if you have Google Maps API keys:
Google said it encourages all customers to implement robust security practices, including enabling multi-factor authentication, routinely auditing API keys, and ensuring credentials are never committed to public repositories.
But those explanations are complicated by developers and security threat researchers who said there are thousands of accounts which are following Google's own site configuration rules by placing their APIs in a public client.
Additionally, one user told The Register they had spending caps in place that should have stopped any bill over $250. Yet according to Google those caps can be automatically upgraded to $100,000 – without user input – if the user has spent a total of $1,000 throughout the life of the account, and the account is more than a month old.
“You have this Google Maps key, which you know, everyone uses, and the guidance from Google is you're supposed to load it in your front end. So we did that, and all of a sudden they changed the keys so that the Google Maps key, which is exposed publicly, could be used for Gemini, and then they didn't disclose that to customers,” he said. “So then, all of a sudden, I just get multiple emails in a row. It's like $3,000, $5,000, $10,000 charged on your Google account.”
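The API key audit Google recommends can be made concrete for this case. The script below is an added example, not part of the original post or of any Google tooling: it flags keys that carry no API restriction, or that are browser keys explicitly allowed to call the Gemini API. It assumes key metadata exported as JSON in the shape of the API Keys API v2 `Key` resource; the key names and referrers in the sample are constructed.

```python
import json

# Service name of the Gemini API in Google Cloud.
GEMINI_SERVICE = "generativelanguage.googleapis.com"
APP_RESTRICTIONS = ("browserKeyRestrictions", "serverKeyRestrictions",
                    "androidKeyRestrictions", "iosKeyRestrictions")

# Constructed sample data, shaped like API Keys API v2 Key resources.
SAMPLE_KEYS = json.loads("""
[
  {"displayName": "maps-frontend-legacy",
   "restrictions": {"browserKeyRestrictions":
                    {"allowedReferrers": ["https://shop.example/*"]}}},
  {"displayName": "maps-frontend-locked",
   "restrictions": {"browserKeyRestrictions":
                    {"allowedReferrers": ["https://shop.example/*"]},
                    "apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
  {"displayName": "shared-everything",
   "restrictions": {"browserKeyRestrictions":
                    {"allowedReferrers": ["https://shop.example/*"]},
                    "apiTargets": [{"service": "maps-backend.googleapis.com"},
                                   {"service": "generativelanguage.googleapis.com"}]}},
  {"displayName": "no-restrictions-at-all"}
]
""")

def audit_key(key):
    """Return a list of finding codes for one key (empty list = clean)."""
    restrictions = key.get("restrictions") or {}
    targets = [t.get("service") for t in restrictions.get("apiTargets", [])]
    findings = []
    if not targets:
        # No API restriction: the key works for every API enabled on the
        # project, including ones enabled long after the key was published.
        findings.append("NO_API_RESTRICTION")
    elif GEMINI_SERVICE in targets and "browserKeyRestrictions" in restrictions:
        # A key meant to be shipped in front-end code can also bill Gemini.
        findings.append("BROWSER_KEY_ALLOWS_GEMINI")
    if not any(name in restrictions for name in APP_RESTRICTIONS):
        findings.append("NO_APPLICATION_RESTRICTION")
    return findings

def audit(keys):
    """Map displayName -> findings, for keys with at least one finding."""
    results = {k.get("displayName", "?"): audit_key(k) for k in keys}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_KEYS).items():
        print(f"{name}: {', '.join(findings)}")
```

A referrer restriction alone does not clear a key here, because the referrer is sent by the client; the API restriction is what limits which services the key can be billed for.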