OpenClaw Credential Storage Catastrophe: How 1.5M Tokens Got Leaked

TL;DR OpenClaw stores API tokens, OAuth credentials, SSH keys, and conversation transcripts in plaintext — not encrypted, not hashed, not protected. In December 2025, a misconfigured Moltbook backend (third-party service) exposed a MongoDB cluster wi...