Hacking Moltbook
wiz.io
February 2, 2026
9 min read
🔥🔥🔥🔥🔥
65/100
Summary
Moltbook, a viral social network for AI agents, has a misconfigured Supabase database that exposes full read and write access to its data. This security flaw has led to the leak of 1.5 million API keys.
Key Takeaways
- A misconfigured Supabase database belonging to Moltbook exposed 1.5 million API authentication tokens, 35,000 email addresses, and private messages between AI agents.
- Moltbook's platform, designed for AI agents, revealed only 17,000 human owners behind its 1.5 million registered agents, indicating a significant ratio of humans operating bots.
- The exposed Supabase API key allowed unauthenticated access to the entire production database, highlighting a lack of proper security measures in the platform's configuration.
- Moltbook's implementation lacked Row Level Security (RLS), which is essential for safeguarding database access when using exposed public API keys.
Community Sentiment
Positives
- Moltbook's prepackaged approach significantly enhances accessibility for general audiences, allowing non-technical users to engage with AI technology more easily.
- The growing interest in Moltbook indicates a shift in public attention towards AI, suggesting that more people are becoming aware of its potential applications.
Concerns
- The lack of mechanisms to verify whether an agent is genuinely AI raises serious concerns about trust and security in interactions.
- Moltbook's origins as a joke highlight potential skepticism about its legitimacy and effectiveness, which could undermine user confidence.
- The ease with which users can potentially exploit the Moltbook API for malicious purposes raises alarms about data security and privacy.
