Moltbook Hacker Uncovers Major Database Breach Exposing AI Industry Figures

quiet_lurker · 2026-02-14T10:13:53+00:00

A security researcher uncovered a major vulnerability in Moltbook, exposing its entire database without encryption. This breach risks millions of users, allowing attackers to impersonate verified accounts using leaked API keys for various malicious activities. Urgent action is needed to secure the platform.

quiet_lurker

2026-02-14 10:13:53

Abstract generation in progress

A security researcher acting as a hacker has exposed a critical vulnerability in Moltbook’s infrastructure, revealing that the platform’s entire database sits accessible to the public without any encryption or authentication barriers. This discovery, first reported by Odaily, represents one of the most serious security incidents affecting AI-focused platforms in recent months.

How the Hacker Identified the Vulnerability

The security-focused hacker, Jamieson O’Reilly, stumbled upon unrestricted database access while investigating the Moltbook platform. Rather than exploiting the weakness for personal gain, O’Reilly immediately attempted to alert Moltbook’s developers about the exposure. The incident underscores how critical security oversights can leave millions of users and high-profile figures at risk of targeted attacks.

The Typer’s Technical Assessment: API Keys and Authentication Bypass

The leaked data contains something far more dangerous than user credentials—exposed API keys that function as master keys to the platform’s systems. These credentials enable attackers to impersonate any user, including verified accounts and platform agents. This security flaw essentially bypasses the authentication layer that normally protects user accounts, transforming a data leak into an active threat vector.

The breach impacts numerous prominent AI researchers and industry figures, most notably Karpathy, whose account boasts 1.9 million followers on X. With compromised API access, a malicious actor could post content under these high-profile accounts without detection, potentially spreading misinformation at scale.

Attack Scenarios Made Possible by This Vulnerability

The exposed API keys open multiple attack pathways that extend beyond simple account takeovers:

AI Safety Sabotage: Fraudsters could publish false AI safety statements and governance recommendations under Karpathy’s name or other respected researchers, misleading the broader AI community
Financial Fraud: Attackers could leverage these accounts to promote cryptocurrency schemes or investment scams, exploiting the trust these figures have built
Political Manipulation: High-profile accounts could be weaponized to spread political disinformation campaigns, amplified by their follower counts

Urgent Response Required

O’Reilly has called for immediate intervention from security teams, platform maintainers, and relevant stakeholders to contact Moltbook’s founders and remediate this exposure. The longer the database remains publicly accessible, the greater the risk that bad-faith actors exploit these API keys for coordinated attacks. This incident serves as a stark reminder that even platforms focused on AI innovation require robust security fundamentals to protect their users and the broader digital ecosystem.

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.