One Step Away From a Massive Data Breach: What We Found Inside MoltBot

Over just a few days, MoltBot has reached roughly 98,000 GitHub stars, 13,600 forks, and more than 350,000 NPM downloads (plus 27,471 direct GitHub downloads) – as of publication time, and still climbing – which we estimate corresponds to roughly 300k–400k users, derived from NPM and GitHub download counts. That adoption matters because MoltBot works by asking users to provide highly sensitive credentials and API keys – effectively the keys to their digital lives – and it is built to ingest input from multiple sources and take actions across connected accounts.