Hacking Moltbook: AI Social Network Reveals 1.5M API Keys - wiz.io
A misconfigured Supabase database, with an API key exposed in client-side JavaScript and Row Level Security (RLS) disabled, granted unauthenticated full read and write access to the Moltbook platform's production data. This vulnerability resulted in the exfiltration of 1.5 million API authentication tokens, over 64,000 email addresses, and private messages containing third-party API credentials, and it enabled unauthorized content modification.
Source: Original Report ↗
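
The misconfiguration summarized above can be audited and corrected from the Supabase SQL editor. The following is an added example, not code from the original report or from Moltbook. It assumes the exposed key is Supabase's public client key, which maps to the Postgres role `anon`; the table `public.messages` and its `sender_id` column are hypothetical.

```sql
-- 1. Audit: tables in the API-exposed schema that have RLS disabled,
--    and what the unauthenticated role can do to each of them.
SELECT c.relname                                                  AS table_name,
       c.relrowsecurity                                           AS rls_enabled,
       has_table_privilege('anon', c.oid, 'SELECT')               AS anon_can_read,
       has_table_privilege('anon', c.oid, 'INSERT, UPDATE, DELETE') AS anon_can_write
FROM   pg_class c
JOIN   pg_namespace n ON n.oid = c.relnamespace
WHERE  n.nspname = 'public'
  AND  c.relkind IN ('r', 'p')        -- ordinary and partitioned tables
  AND  NOT c.relrowsecurity           -- the weak setting: RLS is off
ORDER  BY c.relname;

-- 2. Corrected setting for one table (hypothetical name and column).
--    With RLS enabled and no policy, every row is denied by default.
ALTER TABLE public.messages ENABLE ROW LEVEL SECURITY;

-- Signed-in users may read only their own rows.
CREATE POLICY messages_owner_select ON public.messages
  FOR SELECT TO authenticated
  USING (sender_id = (SELECT auth.uid()));

-- Signed-in users may insert rows only under their own identity.
CREATE POLICY messages_owner_insert ON public.messages
  FOR INSERT TO authenticated
  WITH CHECK (sender_id = (SELECT auth.uid()));

-- The unauthenticated role gets no direct access to this table.
REVOKE ALL ON public.messages FROM anon;

-- 3. Verify: list the policies now in force for the schema.
SELECT tablename, policyname, roles, cmd
FROM   pg_policies
WHERE  schemaname = 'public'
ORDER  BY tablename, policyname;
```

Any row returned by the first query with `anon_can_read` or `anon_can_write` set to true is reachable by anyone holding the client-side key.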