Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.

News > Attacks & Threats > Google API Keys Remain Active After Deletion

Google API Keys Remain Active After Deletion

A security researcher discovered the API keys can still be used for up to 23 minutes after deletion, even though the cloud provider claims deletion is immediate.
26 May 2026
Written by Gabi Gerber
Attacks & Threats

Featured

Cloud Security, Hacking Topics, Security Operation Center

Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them.

Joe Leon, researcher at Belgian startup Aikido Security, recently analyzed the revocation window — the time between a key's deletion and its last successful authentication — for the cloud giant's API keys. In a blog post published today, Leon said Google Cloud Platform (GCP) customers expect API access to end immediately after the key is deleted, but this is not the case. More here

Similar Stories

Attacks & Threats

Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet

The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft. More...
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address

“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's bei… More...
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat

AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strik… More...
Attackers Use AI to Automate EDR Evasion Testing

Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Wi… More...
AI-Assisted Exploit Development Outpaces Scanner Detection

Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to ne… More...

Have your say

 

News Categories

Attacks & Threats

Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet

The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft. More...
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address

“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's bei… More...
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat

AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strik… More...
Attackers Use AI to Automate EDR Evasion Testing

Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Wi… More...
AI-Assisted Exploit Development Outpaces Scanner Detection

Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to ne… More...

Show more
image

Contact Us

Security Interest Group Switzerland
c/o Bridge Head AG
Sulzbergstrasse 34
5430 Wettingen
Switzerland

Quick Links

Terms
Contact Us
Privacy Policy
Newsletter

Follow Us

This website is powered by
ToucanTech