I got an email this morning from Mapbox saying my key was over quota for a free key.
Logged into the site, checked the stats on my account and found a big bump in Map Tile usage (250K) in the last 3 days..
Digging deeper, the 'offending' site was earthquaketrack{dot}ru/eq_map2/ .. they'd used my quake-json.php script (which is ok),
but scraped my Mapbox key from my quakes.php page. My bill will be $15 US for their overactive usage. Sigh...
So.. a quick regeneration of the Mapbox public key, a password change to the Mapbox site, and removal of the API key from my Settings.php should stop them from harvesting it again.
So.. if you use a free Mapbox key on your site for my map scripts (quake-json, mesonet-map, global-map), watch your usage and if it spikes, remove it from your site and regenerate your mapbox API key and change password for the mapbox website.