Canarytokens by Thinkst

A quick way to detect a breach or mass surveillance

Screenshots

Hunter's comment

This tool can be used to generate a unique piece of information which can be sent or placed somewhere where you suspect your privacy or security has been breached. Once an attacker acts on the information, you will receive a notification. For example recently I wanted to see if my company could spy on my Slack conversations that I was having with my colleague , so I hit up canarytokens and generated a unique link which I then sent to my co worker along with a message which was something along the lines of "Let's go to North Korea I think it will be a nice place to stay. ". I then sent the message and a few minutes later I had an email to let me know that someone visited the link. Fortunately for me the only visitors that I had to my link about our North Korean visit was the Slack Bot visiting my link. If you look at the third picture on this post you will see an example of a notification for if a Canary Token was triggered. Other use cases for this would include for example to create AWS credentials(fake credentials or credentials with zero IAM priviledges) and then place the credentials somewhere in a file on a server which is being used for a honeypot. As soon as the server gets "hacked" you would receive a notification. You can even turn on web hook notifications which from my understanding means that you could use the canary tokens site to trigger slack notifications instead of email notifications.
If you would like to read more then please check:
http://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html