AI Forum Moltbook faces a major leak: 4.75 million records compromised

A popular internet forum focused on artificial intelligence has experienced a serious information security incident. According to PANews, a cryptographic error in the system configuration led to open access to a large user database. The forum, a discussion hub for the AI enthusiast community, was compromised, which could cost users significant amounts given the number of stolen credentials.

Full scope of the forum incident

The scale of the leak is impressive: over 4.75 million records from the Moltbook database were exposed. This is one of the largest breaches in the history of AI-oriented online communities. The incident occurred due to improper server infrastructure configuration, allowing attackers to gain unauthorized access without needing to bypass additional security layers.

What information fell into the wrong hands

A detailed analysis of the stolen data reveals critical security risks for users:

  • 1.5 million API authorization tokens – the most dangerous component of the leak, enabling attackers to act on behalf of real users
  • 35,000 email addresses of forum users
  • 20,000 chat logs and personal information
  • Private OpenAI keys – especially valuable as they provide access to paid API services and could be worth significant amounts in dollars

The leak of OpenAI API keys is particularly critical, as they can be used for unauthorized access to cloud services and generating charges on the victim’s account.

Financial risks for forum users

Compromised keys pose a direct financial threat. Attackers can use stolen API tokens to run costly operations on OpenAI, leading to substantial dollar losses. Each lost key is a potential vulnerability that could cost the owner hundreds or thousands of dollars in unplanned expenses.

Immediate actions required

Moltbook forum users should urgently implement the following protective measures:

  • Change all passwords on the forum and related services
  • Rotate API keys for OpenAI and other services immediately
  • Monitor accounts for unauthorized charges, whether in dollars or through other payment systems
  • Enable two-factor authentication (2FA) on all critical accounts
  • Review access history for their accounts and services for suspicious activity

Special attention should be paid to monitoring OpenAI accounts, as stolen keys can generate unlimited charges without owner notification.

Lessons for the community and future measures

This incident on a popular AI forum highlights the importance of regular security configuration audits and vulnerability testing. Forum administrators should ensure encryption of sensitive data and restrict direct database access. Users are advised to be cautious when storing critical keys and to periodically change credentials, even if there are no obvious signs of compromise.
