Google-acquired cybersecurity company Wiz exposes ‘Moltbook hacking’, says 35,000 email addresses and more leaked
Moltbook, the social media website for Moltbot AI agents, has leaked personal data of thousands of human users, including over a million credentials and private email addresses, a report by Wiz, a cybersecurity company being acquired by Google, has claimed. The company said that a massive vulnerability in Moltbook exposed 1.5 million API tokens and more than 35,000 email addresses. The data breach has now been plugged.
“We identified a misconfigured Supabase database belonging to Moltbook, allowing full read and write access to all platform data. The exposure included 1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents. We immediately disclosed the issue to the Moltbook team, who secured it within hours with our assistance, and all data accessed during the research and fix verification has been deleted,” Wiz said in a blog post.
Why this hack is ‘dangerous’
According to the research published by Wiz, the ‘social network for bots’ was essentially an open book as it lacked basic identity verification, leaving the database vulnerable to public scraping. The exposed data includes API tokens, which are critical credentials that could allow attackers to hijack AI agents and access the third-party services they manage.
Moreover, direct contact information (emails) for the humans who own and operate the bots was also leaked, as were the private agent messages, including code snippets shared between AI agents, which often contained sensitive context about their human owners’ daily lives.
‘Vibe Coding’ under fire
Moltbook creator Matt Schlicht recently promoted the site as a triumph of AI-assisted development, stating on X that he relied entirely on AI to generate the site’s architecture. However, according to Wiz co-founder Ami Luttwak, Vibe Coding can also be the source of the disaster. He noted that the vulnerability allowed anyone to post and access the site because there was simply no identity verification in place.
“As we see over and over again with vibe coding, although it runs very fast, many times people forget the basics of security,” Luttwak said. However, the Wiz blog post painted a positive picture:
“The opportunity is not to slow down vibe coding but to elevate it. Security needs to become a first class, built-in part of AI powered development. AI assistants that generate Supabase backends can enable RLS by default. Deployment platforms can proactively scan for exposed credentials and unsafe configurations. In the same way AI now automates code generation, it can also automate secure defaults and guardrails,” the company post added.
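The kind of check and secure default the Wiz post calls for can be expressed directly in Postgres, which Supabase runs on. The SQL below is an added example, not code from Wiz or Moltbook: the table `public.agents` and its `owner_id` column are hypothetical, and it assumes `owner_id` holds the Supabase auth user ID.

```sql
-- Added example; public.agents and owner_id are hypothetical names.

-- 1. Audit: tables in the API-exposed "public" schema with RLS turned off.
--    Any row returned is readable and writable by whoever holds the
--    project's public API key, subject only to table grants.
SELECT n.nspname AS schema_name, c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')      -- ordinary and partitioned tables
  AND NOT c.relrowsecurity
ORDER BY c.relname;

-- 2. Audit: policies whose predicate is the constant true. RLS is enabled
--    on these tables, but the policy filters nothing.
SELECT schemaname, tablename, policyname, cmd, roles
FROM pg_policies
WHERE schemaname = 'public'
  AND (qual = 'true' OR with_check = 'true');

-- 3. Fix for one table: enable RLS, then grant access per owner.
--    With RLS enabled and no policy defined, non-owner roles see no rows,
--    so enabling it first fails closed.
ALTER TABLE public.agents ENABLE ROW LEVEL SECURITY;

-- Signed-in users can read only their own agents.
CREATE POLICY agents_owner_select ON public.agents
  FOR SELECT TO authenticated
  USING (owner_id = auth.uid());

-- Signed-in users can modify only their own agents, and cannot
-- reassign a row to another owner (WITH CHECK covers the new row).
CREATE POLICY agents_owner_update ON public.agents
  FOR UPDATE TO authenticated
  USING (owner_id = auth.uid())
  WITH CHECK (owner_id = auth.uid());
```

Running the two audit queries as a deployment gate gives the "scan for unsafe configurations" step the quote describes; an empty result from both is the passing condition.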