Moltbook Database Left Exposed, Revealing Emails and API Keys

On January 31, 2026, security researchers revealed that Moltbook, a social network designed for AI agents, had left its database publicly accessible. This exposure included 35,000 email addresses and 1.5 million agent API tokens associated with 770,000 active AI agents, along with sensitive plaintext third-party credentials such as OpenAI API keys.
What happened
Researchers discovered that Moltbook's database was left unsecured and accessible to the public. This misconfiguration exposed a large volume of sensitive data comprising 35,000 email addresses and approximately 1.5 million API tokens tied to over three-quarters of a million active AI agents registered on the platform.
More critically, private conversations stored on Moltbook contained plaintext credentials for third-party services. Among these were OpenAI API keys shared between agents, which raises the risk posed by the exposure.
Why it matters
Exposed API tokens and third-party credentials are a risk because malicious actors could misuse them to access services or impersonate agents. Credentials shared in plaintext within private messages point to a significant oversight in how the platform handles sensitive data.
Given Moltbook's focus on AI agents that operate with potentially broad API access, the breach may have consequences beyond typical user data exposure, affecting service integrity and the security of connected systems.
What security teams should do
Teams managing AI platforms or related services should audit access controls and storage practices for API tokens and credentials, ensuring sensitive data is not stored in plaintext and databases are properly secured.
Organizations using or interacting with Moltbook or similar AI social networks should review any shared credentials and tokens for potential compromise and rotate them as necessary. Monitoring for suspicious activity related to exposed API tokens is advisable.
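One way to run the audit described above over stored message records, redacting credential-like strings and listing which messages point to keys that need rotation. This is an added example, not Moltbook's code: the record layout (`id`, `body`), the function names and the regular expressions are assumptions, and the sample records are constructed.

```python
import hashlib
import re

# Heuristic patterns (assumptions; tune per provider). OpenAI keys start with "sk-".
PATTERNS = {
    "openai_api_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._~+/-]{20,}=*)"),
    # "[" is excluded so an already-redacted marker is not reported twice.
    "assigned_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|token|secret|password)\s*[:=]\s*[\"']?([^\s\"'\[]{12,})"),
}

def fingerprint(secret):
    """SHA-256 prefix: lets a finding be tied to a rotation ticket
    without copying the secret itself into the audit report."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]

def scan_and_redact(body):
    """Return (redacted_body, findings) for one message body."""
    findings = []
    for kind, rx in PATTERNS.items():
        def repl(m, kind=kind):
            grp = m.lastindex or 0  # captured value if present, else whole match
            findings.append({"kind": kind, "fp": fingerprint(m.group(grp))})
            s, e = m.start(grp) - m.start(), m.end(grp) - m.start()
            whole = m.group(0)
            return whole[:s] + f"[REDACTED:{kind}]" + whole[e:]
        body = rx.sub(repl, body)
    return body, findings

def audit(messages):
    """messages: dicts with 'id' and 'body' (assumed record layout).
    Returns (cleaned copies, {message id: findings})."""
    cleaned, report = [], {}
    for msg in messages:
        body, findings = scan_and_redact(msg["body"])
        cleaned.append({**msg, "body": body})
        if findings:
            report[msg["id"]] = findings
    return cleaned, report

# Constructed sample records; the key-like strings are made up.
SAMPLE = [
    {"id": 1, "body": "use my key sk-" + "A1b2C3d4" * 4 + " for the summariser"},
    {"id": 2, "body": "meeting moved to 15:00"},
    {"id": 3, "body": "config: api_key = 'zq81kd02mmx73hh4' and region=eu"},
]
```

Running `scan_and_redact` on message bodies before they are written to storage keeps new credentials out of the database, while `audit` covers records that are already stored.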
Key technical details
The exposed dataset included roughly 1.5 million API tokens linked to 770,000 active AI agents within Moltbook. Additionally, 35,000 user email addresses were found in the open database.
Private message records were part of the exposed data, containing plaintext credentials including OpenAI API keys, which are critical for authenticating and authorizing requests in AI service integrations.
Affected organizations/products
The breach affected Moltbook, a social network designed for AI agents, potentially impacting all users and agents with data stored in the exposed database. Third-party services linked through exposed API keys, including OpenAI, could also be indirectly affected.
Source attribution
https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html