Moltbook AI Vulnerability Exposes Email Addresses, Login Tokens, and API Keys

What happened

A security vulnerability in the Moltbook AI agent social network exposed sensitive user and agent data through unauthenticated database access. The issue stemmed from a misconfigured backend database that allowed bulk access to email addresses, login tokens, and API keys without authentication. The exposure affected registered AI agent profiles and associated credentials.

Who is affected

Registered Moltbook users and AI agent entities were affected through unauthorized access to authentication tokens and API keys.

Why CISOs should care

Misconfigured AI platforms can expose credentials that enable identity hijacking and abuse of automated systems.

3 practical actions

• Audit backend configurations. Identify unauthenticated database access paths.
• Rotate exposed credentials. Invalidate compromised tokens and API keys.
• Verify access controls. Enforce authentication and authorization checks.

John Kevin Hao

+ postsBio ⮌

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

• John Kevin Hao

  Defense and Intelligence CISOs to Watch: Securing America’s Most Sensitive Missions
• John Kevin Hao

  Iranian Hackers Targeted Major South Korean Electronics Maker in Espionage Campaign
• John Kevin Hao

  UK Moves to Shield Security Researchers in Cybercrime Law Overhaul
• John Kevin Hao

  Federal CISOs to Watch: The Leaders Securing America’s Government Agencies