Deleted Google API Keys Remain Active up to 23 Minutes, Study Finds
A new study conducted by the cybersecurity firm Aikido Security reveals that deleted Google API keys stay active and can continue authenticating successfully for up to 23 minutes after they are removed. The results were obtained after running 10 controlled trials over two days to measure the delay.
Key Findings
An API key is a string of data used to authenticate requests between software applications. According to researchers, the Google Cloud Platform (GCP) console shows the key as deleted immediately. However, tests showed that the keys actually take an average of 16 minutes to stop working completely, with the longest delay lasting nearly 23 minutes.
During this timeframe, threat actors holding a leaked key retain full access to any enabled APIs on the project. This allows them to exfiltrate cached conversations and dump files uploaded to Gemini. They can also access BigQuery data and Maps APIs.
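The delay described above means a deleted key should be treated as live until it is observed being rejected. The following is an added example, not code from the article or from Aikido Security: a polling routine that reports how long a deleted key kept authenticating. The `probe` callable, the simulated clock and the rule of requiring several consecutive rejections are assumptions made for this sketch.

```python
"""Added example: confirm a deleted API key is really dead before closing an incident."""

def wait_until_revoked(probe, clock, sleep, interval=30, timeout=3600, confirmations=3):
    """Poll probe() until the key is rejected `confirmations` times in a row.

    probe() -> True if a request made with the deleted key still authenticates.
    clock() -> seconds; sleep(s) waits s seconds.
    Returns the seconds elapsed when the confirming streak of rejections began,
    or None if the key was still being accepted when `timeout` expired.
    """
    start = clock()
    streak, streak_began = 0, None
    while clock() - start <= timeout:
        if probe():
            streak, streak_began = 0, None      # still accepted: reset the streak
        else:
            if streak == 0:
                streak_began = clock() - start  # first rejection of this streak
            streak += 1
            if streak >= confirmations:
                return streak_began
        sleep(interval)
    return None

class FakeClock:
    """Constructed clock so the example runs offline and instantly."""
    def __init__(self):
        self.now = 0.0
    def time(self):
        return self.now
    def sleep(self, seconds):
        self.now += seconds

def simulated_probe(clock, dead_after, flaky_until=None):
    """Constructed stand-in for a real authenticated request (hypothetical)."""
    def probe():
        t = clock.time()
        if flaky_until is not None and dead_after <= t < flaky_until:
            return int(t // 30) % 2 == 0        # alternate accept / reject
        return t < dead_after
    return probe

def run_trial(dead_after, flaky_until=None, timeout=3600):
    """One simulated trial; returns what wait_until_revoked measured."""
    c = FakeClock()
    probe = simulated_probe(c, dead_after, flaky_until)
    return wait_until_revoked(probe, c.time, c.sleep, timeout=timeout)
```

In real use, `probe` would wrap a harmless request to an API enabled on your own project, and the returned value is the exposure window to review in usage logs.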
Why Does The Issue...
Copyright of this story solely belongs to hackread.com.