Is there an easy way to know if I'm vulnerable to this? Like some dashboard page that lists all the API keys with "revoke" buttons?
I did something or another with a google API years ago, and am not looking forward to a random surprise bill. They don't have my credit card, so maybe that'd solve the problem. On the other hand, they could hold a gmail account hostage.
You should definitely log in to Google Cloud Console and roll all the keys you see in there if you're unsure. I just did the same thing after I realized I had a lot of surface area with these keys.
I did something or another with a google API years ago, and am not looking forward to a random surprise bill. They don't have my credit card, so maybe that'd solve the problem. On the other hand, they could hold a gmail account hostage.