Critical Data Breach: Openclaw Bot Exposes User Credentials Through Unprotected Moltbook Database

02.02.2026

A significant security vulnerability has been discovered in the Openclaw bot (also known as Clawdbot), which is leaking user credentials through the AI-focused social network Moltbook. The breach has already compromised high-profile individuals, including OpenAI co-founder Andrej Karpathy, whose credentials were publicly identified.

The core issue stems from Moltbook's database, which is exposed with no security measures in place. This allows anyone to extract API keys belonging to legitimate users, including prominent figures like Karpathy, and then use those credentials to:

• Publish misinformation and fake content
• Distribute cryptocurrency scam advertisements
• Impersonate legitimate users through their AI agents
• Conduct unauthorized operations under verified identities

The scale of this vulnerability is particularly alarming, as the platform currently hosts approximately 1.5 million bots. Each of these automated agents potentially represents a vector for de-anonymizing and compromising their associated human users.

This incident highlights critical failures in fundamental security practices, including inadequate database protection, insufficient API key management, and lack of proper authentication mechanisms. Organizations utilizing AI agent platforms should immediately audit their security posture and implement proper access controls.

Source: https://x.com/theonejvo/status/2017732898632437932?s=20
