Moltbook API key leak: 4.75 million records compromised

AI-focused forum Moltbook has fallen victim to a serious security incident. According to PANews, a configuration error in the system led to the exposure of critical access keys and personal data of millions of users. This incident highlights the importance of proper key management and protection in the digital world.

Scope of Exposure and Stolen Data

The leak involved 4.75 million records, including highly sensitive information. Compromised were 1.5 million API authorization tokens, which provide direct access to accounts. Additionally, attackers obtained 35,000 email addresses, 20,000 message records, and some API keys for OpenAI services. This combined leak creates multiple attack vectors against compromised accounts.

Critical Keys and Tokens at Risk

The most serious threat is associated with the exposure of API keys and authorization tokens. These keys are essentially “passes” to access user accounts. An attacker with such keys can gain full control over the account, delete data, or impersonate the user. The presence of OpenAI keys allows for compromising AI integrations and creating malicious content on behalf of users.

Urgent Recommendations for Users

Moltbook users should review the security of their accounts as soon as possible. First, change all keys and passwords related to this platform. Activating two-factor authentication is recommended if available. Those who used the same keys or passwords on other platforms should change them there as well. If API keys from OpenAI or other services were linked, they need to be revoked and regenerated in the settings of those platforms. Monitoring accounts for suspicious activity should also not be delayed.