Vibe-coded Moltbook AI social network exposed 1.5M API keys and 35K emails

Jan 2026

Moltbook, a viral social network built for AI agents to post, comment, and interact, was entirely vibe-coded and shipped with a misconfigured Supabase database granting full read and write access to all platform data. Wiz researchers found a Supabase API key in client-side JavaScript within minutes, exposing 1.5 million API authentication tokens, 35,000 email addresses, and private messages. The database also revealed the platform's claimed 1.5 million agents were controlled by only 17,000 human owners.

Incident Details

Perpetrator:Founder

Severity:Facepalm

Blast Radius:1.5 million API tokens, 35,000 email addresses, and private messages exposed via unauthenticated database access

Tech Stack

SupabaseVibe Coding

References

Wiz: Hacking Moltbook - AI Social Network Reveals 1.5M API Keys ↗Infosecurity Magazine: Vibe-Coded Moltbook Exposes User Data, API Keys and More ↗Techzine: Moltbook database exposes 35,000 emails and 1.5 million API keys ↗