"Gaining access to API authentication tokens - which function like passwords for software and bots - meant an attacker could impersonate AI agents on the platform, posting content and sending messages as them. Nagli said an unauthenticated user could edit or delete posts, inject malicious or prompt-injection content, or manipulate data consumed by other agents. Nagli said the incident highlights the risk of vibe coding. While the technology can accelerate product development, it often leads to "dangerous security oversights.""
"Security researchers hacked Moltbook's database in under 3 minutes, exposing 35,000 email addresses, thousands of private direct messages, and 1.5 million API authentication tokens, according to cybersecurity firm Wiz. Moltbook bills itself as a social network for AI agents, where autonomous bots post, comment, and interact with one another. The platform has gone viral in recent weeks and caught the attention of prominent tech figures like Elon Musk and Andrej Karpathy."
Moltbook's database was accessed in under three minutes, exposing 35,000 email addresses, thousands of private direct messages, and 1.5 million API authentication tokens. A backend misconfiguration left the database unsecured, granting full read and write access to all platform data. Access to API tokens enables attackers to impersonate AI agents, post content, send messages, edit or delete posts, inject malicious or prompt-injection content, and manipulate data consumed by other agents. The breach highlights the security risks of vibe coding, which can accelerate development but produce dangerous oversights when backend configurations are not properly secured.
Read at Business Insider
Unable to calculate read time
Collection
[
|
...
]