Over 40,000 self-hosted OpenClaw instances were found exposed to the internet, with 12,800 actively leaking API keys.
SecurityScorecard researchers discovered 40,214 exposed OpenClaw instances across 28,663 unique IP addresses. Of these, 12,800 were actively leaking API keys and credentials, allowing anyone on the internet to walk right in. 549 instances were already linked to prior breach activity. The default OpenClaw configuration binds to 0.0.0.0 without authentication, meaning every user who skipped the security docs left their entire digital life accessible to the world.
AFFECTED USERS: ~40,000
ESTIMATED COST: $2,000,000
The Actual Culprit
OpenClaw's default configuration prioritizes ease of setup over security. The gateway binds to all interfaces with no authentication, and the documentation buries security hardening in optional advanced guides.
If security requires the user to read a guide, most users will be insecure. Defaults should be locked down.
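To make the "binds to all interfaces with no authentication" failure concrete, here is an added example (not OpenClaw's code and not from the article) of the check a deployment script or CI step could run against a gateway configuration before the service starts, alongside a function that applies locked-down defaults. The configuration keys `bind`, `port` and `auth.token` are a constructed, generic schema assumed for illustration; they are not OpenClaw's actual configuration format.

```python
# Added example, not OpenClaw's own code: audit a self-hosted gateway config for
# the exposure pattern described above (listener bound to every interface with
# no authentication) and produce a hardened copy. The keys "bind", "port" and
# "auth" are a constructed generic schema, assumed for illustration only.
import copy
import ipaddress
import secrets
from dataclasses import dataclass

# Values that make a daemon listen on every interface (IPv4 and IPv6 wildcards).
WILDCARD_BINDS = {"0.0.0.0", "::", "*", ""}


@dataclass(frozen=True)
class Finding:
    severity: str   # "critical", "high" or "medium"
    message: str


def _is_loopback(bind: str) -> bool:
    """True for 127.0.0.0/8, ::1 and the literal name localhost."""
    if bind == "localhost":
        return True
    try:
        return ipaddress.ip_address(bind).is_loopback
    except ValueError:
        return False


def audit_listener(config: dict) -> list[Finding]:
    """Return findings for an insecure listener configuration.

    A missing "bind" key is treated as the wildcard, mirroring the
    insecure-by-default behaviour the article describes.
    """
    findings: list[Finding] = []
    bind = str(config.get("bind", "0.0.0.0")).strip()
    auth = config.get("auth") or {}
    token = str(auth.get("token") or "")
    wildcard = bind in WILDCARD_BINDS

    if wildcard and not token:
        findings.append(Finding(
            "critical",
            f"bound to {bind or '0.0.0.0'} with no authentication: "
            "anyone who can route to this host can use the service"))
    elif wildcard:
        findings.append(Finding(
            "high",
            "bound to all interfaces; only the auth token separates the service from the internet"))
    elif not _is_loopback(bind) and not token:
        findings.append(Finding(
            "high", f"bound to non-loopback address {bind} with no authentication"))

    if token and len(token) < 32:
        findings.append(Finding("medium", "auth token shorter than 32 characters"))
    return findings


def harden(config: dict) -> dict:
    """Return a copy of config with locked-down defaults applied.

    Binds to loopback (reach it through an SSH tunnel or a reverse proxy that
    terminates TLS and authenticates) and generates a token if none is set.
    """
    hardened = copy.deepcopy(config)
    hardened["bind"] = "127.0.0.1"
    auth = dict(hardened.get("auth") or {})
    if not auth.get("token"):
        auth["token"] = secrets.token_urlsafe(32)  # 43 URL-safe characters
    hardened["auth"] = auth
    return hardened


# Constructed sample: the kind of out-of-the-box config the article describes.
INSECURE_DEFAULT = {"bind": "0.0.0.0", "port": 8080, "auth": {}}

if __name__ == "__main__":
    for f in audit_listener(INSECURE_DEFAULT):
        print(f"[{f.severity}] {f.message}")
    print("after hardening:", audit_listener(harden(INSECURE_DEFAULT)) or "no findings")
```

The audit treats an absent `bind` key exactly like an explicit wildcard, because a checker that only flags what the user wrote misses the case the article is about: users who never touched the config at all. Loopback plus a reverse proxy or tunnel is the default a self-hosted service should ship with; the token check is a secondary line of defence, not a substitute for not exposing the port.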
Owning the server gives you control. It does not give you competence. Most users cannot secure a public-facing service.
Every day an insecure instance stays online, the probability of compromise approaches 1.