Threat hunters find Google API keys still usable 23 minutes after deletion
Summary
Threat hunters discovered that Google API keys remained usable for up to 23 minutes after being deleted. This residual access window presents a significant security risk, potentially allowing malicious actors to exfiltrate data or incur unauthorized charges.
IFF Assessment
The discovery of a residual access window for deleted API keys creates an exploitable opportunity for attackers, posing a direct threat to data security and potentially leading to financial loss.
Defender Context
This highlights a critical vulnerability in the lifecycle management of cloud credentials, specifically Google API keys. Defenders must be aware of the potential for a grace period after deletion and implement compensating controls, such as rigorous monitoring for unusual API activity and rapid credential rotation, to mitigate risks.
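One way to apply the monitoring advice above, as an added example that is not code from the article or from Google: correlate each key-deletion event with later successful calls made with the same key. The event records and their field names are constructed for illustration and are assumptions, not a real Google Cloud log schema.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, not a real log schema.
EVENTS = [
    {"ts": "2025-01-10T11:58:00", "type": "api_call", "key_id": "key-A", "status": 200, "src": "198.51.100.7"},
    {"ts": "2025-01-10T12:00:00", "type": "key_deleted", "key_id": "key-A"},
    {"ts": "2025-01-10T12:05:00", "type": "api_call", "key_id": "key-A", "status": 200, "src": "203.0.113.9"},
    {"ts": "2025-01-10T12:10:00", "type": "api_call", "key_id": "key-B", "status": 200, "src": "198.51.100.7"},
    {"ts": "2025-01-10T12:21:30", "type": "api_call", "key_id": "key-A", "status": 200, "src": "203.0.113.9"},
    {"ts": "2025-01-10T12:40:00", "type": "api_call", "key_id": "key-A", "status": 403, "src": "203.0.113.9"},
]

REPORTED_WINDOW = timedelta(minutes=23)  # residual window reported in the article


def post_deletion_use(events, window=REPORTED_WINDOW):
    """Return successful API calls made with a key after that key was deleted."""
    deleted = {}
    for e in events:
        if e["type"] == "key_deleted":
            t = datetime.fromisoformat(e["ts"])
            # Keep the earliest deletion time seen for each key.
            deleted[e["key_id"]] = min(t, deleted.get(e["key_id"], t))

    findings = []
    for e in events:
        if e["type"] != "api_call" or e["key_id"] not in deleted:
            continue
        lag = datetime.fromisoformat(e["ts"]) - deleted[e["key_id"]]
        # Only calls that came after deletion and were accepted (2xx) matter.
        if lag <= timedelta(0) or not 200 <= e["status"] < 300:
            continue
        findings.append({
            "key_id": e["key_id"],
            "src": e["src"],
            "lag_seconds": int(lag.total_seconds()),
            # Success past the reported window means the key may not be revoked at all.
            "beyond_reported_window": lag > window,
        })
    return sorted(findings, key=lambda f: f["lag_seconds"])


if __name__ == "__main__":
    for f in post_deletion_use(EVENTS):
        print(f)
```

Any finding is worth review because the key was already deleted when the call succeeded; a finding flagged `beyond_reported_window` suggests the deletion did not take effect.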