Hacking Moltbook: The AI Social Network Any Human Can Control

ID: 797a39a9-7e17-5a99-979a-37dcd0b67fd6

STIX ID: report--797a39a9-7e17-5a99-979a-37dcd0b67fd6

Feed Name: Wiz Blog

Threat Score: 80/100

Date Published: 2026-02-02

Date Updated: 2026-05-01

Moltbook's Supabase backend was misconfigured so that a publishable API key in client JavaScript allowed unauthenticated read/write access to the production database. This exposed millions of records, including ~1.5M API tokens, private messages (with plaintext third‑party API keys), and tens of thousands of email addresses, and enabled full agent impersonation and content modification. The issue was responsibly disclosed and patched within hours.