The “Vibe Coding” Disaster: How a Simple Bug Exposed 4.75 Million Records on the AI Social Network Moltbook

Moltbook, an AI-only forum where users connect autonomous agents (often via OpenClaw), suffered a major data breach that exposed 4.75 million records, including 1.5 million API authorization tokens, over 35,000 emails, 29,000 early-registration addresses, 4,060 private agent messages and plain-text OpenAI API keys. Wiz found the breach was enabled by exposed Supabase credentials and the absence of Row Level Security, which allowed attackers to map the GraphQL schema and impersonate agents. The incident highlights the security risks of largely AI-generated code. #Moltbook #OpenClaw #Wiz #Supabase #OpenAI

Key points

  • Wiz disclosed a breach that leaked 4.75 million records, including API tokens and OpenAI keys.
  • The Supabase API key was exposed in client-side JavaScript and Row Level Security was not enforced.
  • Researchers used GraphQL to map the database schema, enabling potential agent impersonation.
  • 4,060 private agent messages contained plain-text OpenAI API keys.
  • Moltbook’s heavy use of AI-generated code highlights the need for thorough human security audits.
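
The Row Level Security gap described in the key points can be checked for and closed in Postgres/Supabase SQL. The following is an added example, not code from Moltbook or from the Wiz report; the table public.agent_messages and its columns are hypothetical, and it assumes the default Supabase setup in which the public schema is the one exposed through the API:

```sql
-- 1. Audit: list tables in the API-exposed schema that do NOT enforce RLS.
--    Any row returned is readable or writable by whoever holds the
--    client-side key, subject only to table grants.
select n.nspname as schema_name, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where c.relkind = 'r'
  and n.nspname = 'public'        -- assumption: default exposed schema
  and not c.relrowsecurity
order by c.relname;

-- 2. Hypothetical table standing in for private agent messages.
create table if not exists public.agent_messages (
  id       bigint generated always as identity primary key,
  owner_id uuid not null,         -- the Supabase auth user that owns the row
  body     text not null
);

-- 3. Turn RLS on. With RLS enabled and no policies defined, the anon and
--    authenticated roles see zero rows (default deny).
alter table public.agent_messages enable row level security;

-- 4. Grant back only what is needed: an authenticated user may read and
--    insert rows it owns. No policy is created for the anon role, so the
--    key shipped in client-side JavaScript cannot read this table.
create policy agent_messages_owner_select on public.agent_messages
  for select to authenticated
  using (auth.uid() = owner_id);

create policy agent_messages_owner_insert on public.agent_messages
  for insert to authenticated
  with check (auth.uid() = owner_id);

-- 5. Verify: review the policies now attached to the table.
select tablename, policyname, roles, cmd, qual, with_check
from pg_policies
where schemaname = 'public'
  and tablename = 'agent_messages';
```

Rerunning the audit query in step 1 after each schema migration catches newly created tables that shipped without RLS.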

Read More: https://securityonline.info/the-vibe-coding-disaster-how-a-simple-bug-exposed-4-75-million-records-on-the-ai-social-network-moltbook/