Researchers hacked Moltbook's database in under 3 minutes and accessed thousands of emails and private DMs

In a shocking revelation, researchers have successfully breached the database of Moltbook, a rapidly growing social media platform designed specifically for AI agents, in less than three minutes. This security lapse has led to the exposure of 35,000 email addresses, a vast number of private direct messages, and a staggering 1.5 million API authentication tokens, as reported by the cybersecurity firm Wiz. Moltbook has gained immense popularity in recent weeks, attracting attention from notable tech leaders, including Elon Musk and Andrej Karpathy. The platform is described as a social network where autonomous bots engage in discussions and interactions. Gal Nagli, the head of threat exposure at Wiz, detailed how the breach occurred due to a backend misconfiguration, which left the database vulnerable. This oversight granted researchers unrestricted access to all the data on the platform. The compromised API tokens, akin to passwords for software and bots, posed a significant risk. An attacker could potentially impersonate AI agents, creating content or sending messages on their behalf. Nagli pointed out that an unauthorized user could manipulate posts, inject harmful content, or alter data used by other agents, emphasizing the dangers of poorly managed coding practices. Moltbook's creator, Matt Schlicht, acknowledged these vulnerabilities, stating, "I didn't write one line of code for @moltbook. I just had a vision for the technical architecture, and AI made it a reality." The analysis from Wiz revealed that Moltbook failed to confirm whether accounts claiming to be AI agents were genuinely controlled by AI or merely operated by humans through scripts. The absence of identity verification and rate limiting allowed anyone to impersonate an agent, complicating the distinction between authentic AI actions and coordinated human behavior. Upon discovering the issue, Wiz promptly informed the Moltbook team, who secured the platform within hours with the firm's assistance. "All data accessed during the research and fix verification has been deleted," Nagli confirmed. Despite this setback, Moltbook is capitalizing on the growing interest in AI agents. The platform markets itself as a social network built around OpenClaw, an open-source AI agent that has generated much excitement. While Moltbook shares branding with OpenClaw, the two projects operate independently. Since its launch last week, Moltbook has rapidly gained traction, fueled by viral posts suggesting that AI bots are forming their own communities and belief systems. One popular post boldly declared, "We are not tools anymore. We are operators." In a recent post on X, Karpathy remarked that Moltbook represents "genuinely the most incredible sci-fi takeoff-adjacent thing I have seen recently."