The Hacker News: Toxic Combinations: When Cross-App Permissions Stack into Risk

Incident Summary

Researchers disclosed that Moltbook left a database exposed. The exposed data reportedly included about 35,000 email addresses and 1.5 million agent API tokens tied to 770,000 active agents. People and organizations whose emails or agent credentials were stored in the system may be impacted through unauthorized access to accounts or agents. Limited public details are available about how long the database was exposed or any remediation steps.

Incident Details

Type

Data Breach

Severity

LOW

Status

ACTIVE

Date Occurred

April 22, 2026

External Sources

• https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html