Description: Wiz researchers reported accessing an exposed Moltbook database in under three minutes, allegedly obtaining ~35,000 email addresses, thousands of private DMs, and ~1.5 million API authentication tokens. The exposure was described as enabling read/write access and potential impersonation or manipulation of "AI agent" accounts. Wiz said it disclosed the issue to Moltbook, which reportedly secured the database within hours and deleted accessed data.
Entities
View all entitiesAlleged: Moltbook developed an AI system deployed by Moltbook platform operators and Moltbook, which harmed Moltbook users and Moltbook account holders.
Alleged implicated AI systems: Moltbook , Moltbook direct messaging system , Moltbook database , Moltbook authentication tokens and Privacy
Incident Stats
Risk Subdomain
A further 23 subdomains create an accessible and understandable classification of hazards and harms associated with AI
2.2. AI system security vulnerabilities and attacks
Risk Domain
The Domain Taxonomy of AI Risks classifies risks into seven AI risk domains: (1) Discrimination & toxicity, (2) Privacy & security, (3) Misinformation, (4) Malicious actors & misuse, (5) Human-computer interaction, (6) Socioeconomic & environmental harms, and (7) AI system safety, failures & limitations.
- Privacy & Security
Entity
Which, if any, entity is presented as the main cause of the risk
Human
Timing
The stage in the AI lifecycle at which the risk is presented as occurring
Post-deployment
Intent
Whether the risk is presented as occurring as an expected or unexpected outcome from pursuing a goal
Unintentional
Incident Reports
Reports Timeline
Loading...
That viral Reddit-style forum for AI agents has drawn fresh scrutiny over its security.
Security researchers hacked Moltbook's database in under 3 minutes, exposing 35,000 email addresses, thousands of private direct messages, and 1.5 milli…
Variants
A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Seen something similar?
Similar Incidents
Did our AI mess up? Flag the unrelated incidents
Similar Incidents
Did our AI mess up? Flag the unrelated incidents