TIL canary token
A false secret token that is monitored for usage to discover whether an account was compromised.
=> time to rotate all secrets stored on that account
Apparently that’s how the 2021 CircleCI security breach was discovered by a CircleCI user.
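To make the mechanism concrete, here is an added sketch in Python (not Thinkst's Canarytokens code and not anything from the CircleCI write-up; names like SecretStore, plant_canary and on_credential_used are made up for the illustration): a fake credential is stored alongside the real ones, nothing legitimate ever uses it, so its first use is the alert and the trigger to rotate everything else on that account.

```python
"""Canary token in a secret store: constructed demo, not Thinkst's Canarytokens
nor any CI vendor's code. A canary is a fake credential kept next to real ones;
no legitimate job ever uses it, so any use means the store was read."""
import hmac
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class SecretStore:
    # name -> (account, value, is_canary); a real vault would encrypt values
    entries: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def add_secret(self, account: str, name: str, value: str) -> None:
        self.entries[name] = (account, value, False)

    def plant_canary(self, account: str, name: str) -> str:
        """Store a random fake credential so that its later use is recognisable."""
        value = "CANARY-" + secrets.token_hex(16)
        self.entries[name] = (account, value, True)
        return value

    def on_credential_used(self, presented: str, source: str) -> list:
        """Hook the monitor calls whenever a credential is presented to a service.
        Returns the real secrets to rotate; empty list if nothing suspicious."""
        for name, (account, value, is_canary) in self.entries.items():
            if is_canary and hmac.compare_digest(value, presented):
                self.alerts.append({"ts": time.time(), "canary": name, "source": source})
                # The canary was only reachable by reading the store, so every
                # real secret stored on the same account is presumed exposed.
                return sorted(n for n, (a, _, c) in self.entries.items()
                              if a == account and not c)
        return []


def demo() -> list:
    """Constructed scenario: one account with a real deploy key and a canary."""
    store = SecretStore()
    store.add_secret("ci-org", "DEPLOY_KEY", "real-deploy-key")      # constructed
    store.add_secret("other-org", "DB_PASSWORD", "real-db-password")  # constructed
    canary = store.plant_canary("ci-org", "AWS_ACCESS_KEY_ID")
    assert store.on_credential_used("real-deploy-key", "deploy-job") == []
    return store.on_credential_used(canary, "203.0.113.5")  # documentation IP
```

Only secrets on the same account come back for rotation; the unrelated account's password is left alone, matching the "rotate all secrets stored on that account" rule above.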
@tdpauw oooh, I didn’t know that about the CircleCI breach, do you remember where you read that?
@sawaba I heard about it during a conference talk about securing CI/CD.
(it’s in French 🤷)
https://www.devday.be/Sessions/details/240?slug=ci-cd-correct-implementation-or-continuous-de
@sawaba people shared this link in the thread to this toot.
I remember coming across this a long time ago.
@tdpauw Very interesting thanks!
I know Thinkst well; I used to work there. Been using Canarytokens a long time, but this was the first I heard of it being used in this specific breach (I also collect details about breaches like this)