
©2026 Poal.co


So yeah... That's a thing. If you are in tech. Plan accordingly when you fire pajeets or you might get 90+ databases deleted via API key.

Archive: https://archive.today/KlHVZ

From the post:

>Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, recently analyzed the revocation window — the time between a key's deletion and its last successful authentication — for the cloud giant's API keys. In a blog post published today, Leon said Google Cloud Platform (GCP) customers expect API access to end immediately after the key is deleted, but this is not the case.

[–] 1 pt

This is certainly an issue, but that's why you disable network access when those users aren't working on things, and then you fire them.

You have to expect some small delay when that much data is being handled (like Google does). Systems have to be informed of the decision and queue the changes up with the millions of other changes that are being made.