Threat hunters find Google API keys still usable 23 minutes after deletion
Security researchers have discovered a vulnerability in Google's API key management system. Deleted API keys can remain active for up to 23 minutes, potentially allowing unauthorized access. This loophole was identified by Aikido Security, who found that the keys continue to authenticate despite the Google Cloud UI indicating they have been removed. AI
IMPACT This vulnerability could expose sensitive data and systems to unauthorized access if not properly managed.