I had this happen to me recently
github token got stolen and also cloudflare tokens
guys even if you take security seriously you are going to get hit on a long enough time frame
best thing to do is segregate and control damage
trust no one, nothing, use orbstack, and always operate under the assumption that your token is going to get leaked at some point
it knocked off my entire momentum. fortunately seemed like it was just a spam bot that took my tokens and created bunch of fake spam pages and trying to mine crypto
the biggest feeling is the one of feeling violated
take care fellow travelers
> created bunch of fake spam pages and trying to mine crypto
Pages like GitHub pages? Were repos being created in your account? Curious how you discovered that your tokens were pwned.
Secret ad to orbstack.
> best thing to do is segregate and control damage
I first encountered that concept with a client that put every webapp in its own virtual server and expected the VM to get compromised at some point. Seemed like a very sensible idea 15 years ago.