Moltbook AI social platform data leak from exposed Supabase API key
Data Leak
Summary
Hide ▲
Show ▼
The Moltbook AI social platform suffered a data leak after an exposed Supabase API key gave unauthenticated access to its production database. The exposure put 1.5 million API authentication tokens, 30,000 email addresses, and private messages at risk, while also granting read/write access to platform data. The issue was later fixed, but the misconfiguration created both confidentiality and integrity risk.
Related Happenings
Moltbook wide-open database exposure
Data Leak
First: 22.04.2026 13:41
Last: 22.04.2026 13:41
Sources 1
About this happening:
The **Moltbook** database exposure placed **35,000 email addresses** and **1.5 million agent API tokens** at risk, creating immediate potential for account hijacking and credentia...
Moltbook wide-open database exposure
Data LeakAbout this happening: The **Moltbook** database exposure placed **35,000 email addresses** and **1.5 million agent API tokens** at risk, creating immediate potential for account hijacking and credentia...
Moltbook Supabase database exposure
Data Leak
First: 08.02.2026 09:32
Last: 08.02.2026 09:32
Sources 1
About this happening:
A **misconfigured Supabase database** exposed **Moltbook** data, putting **API authentication tokens**, **email addresses**, and **private messages** at risk of unauthorized acces...
Moltbook Supabase database exposure
Data LeakAbout this happening: A **misconfigured Supabase database** exposed **Moltbook** data, putting **API authentication tokens**, **email addresses**, and **private messages** at risk of unauthorized acces...
SmarterMail authentication bypass flaw under active exploitation
Vulnerability
First: 22.01.2026 11:46
Last: 22.01.2026 11:46
Sources 1
About this happening:
**SmarterTools SmarterMail** is under **active exploitation** for an **authentication bypass flaw** that can let an attacker **reset the system administrator password** and potent...
SmarterMail authentication bypass flaw under active exploitation
VulnerabilityAbout this happening: **SmarterTools SmarterMail** is under **active exploitation** for an **authentication bypass flaw** that can let an attacker **reset the system administrator password** and potent...
Latest development: 18.02.2026 18:27
Researchers monitoring underground Telegram channels and cybercrime forums observed threat actors rapidly sharing proof-of-concept exploits, offensive tools, and stolen administrator credentials for SmarterMail vulnerabilities CVE-2026-24423 and CVE-2026-23760 within days of disclosure, and CISA later added CVE-2026-24423 to the Known Exploited Vulnerabilities catalog after confirming active ransomware exploitation.
Timeline
-
03.02.2026 12:00 2 articles · 3mo ago
Wiz Security discloses Moltbook database exposure
Initial DisclosureWiz Security found that the Moltbook AI social platform had a misconfigured Supabase database and an exposed Supabase API key in client-side JavaScript, enabling unauthenticated read and write access to the production database. The exposure put 1.5 million API authentication tokens, 30,000 email addresses, and private messages between agents at risk, and it also created integrity risk by allowing post edits, malicious content injection, prompt injection payloads, and site defacement. The issue was later fixed.
Show sources
- Vibe-Coded Moltbook Exposes User Data, API Keys and More — www.infosecurity-magazine.com — 03.02.2026 12:00
- Vibe-Coded Moltbook Exposes User Data, API Keys and More — www.infosecurity-magazine.com — 03.02.2026 12:00