I had this happen to me recently

github token got stolen and also cloudflare tokens

guys even if you take security seriously you are going to get hit on a long enough time frame

best thing to do is segregate and control damage

trust no one, nothing, use orbstack, and always operate under the assumption that your token is going to get leaked at some point

it knocked off my entire momentum. fortunately seemed like it was just a spam bot that took my tokens and created bunch of fake spam pages and trying to mine crypto

the biggest feeling is the one of feeling violated

take care fellow travelers

▲ pjot 2 hours ago | parent [-]

  > created bunch of fake spam pages and trying to mine crypto

Pages like GitHub pages? We’re repos being created in your account? Curious how you discovered that your tokens were pwned

	▲	zuzululu an hour ago \| parent [-]
		repos created, cloudflare eployed thee websites, edited dns saw a weird spam site, so damn tired went to bed thinking it was some mislick on my side woke up next morning and loaded up my domain, it redirected and panic set in my SEO is probably nuked even though it has been under 24 hours