Canary tokens are a free, quick, painless way to help defenders discover they've been breached (by having attackers announce themselves.)

Embeddable in :

• fake URLs ending in .html, .js, .php...
• emails to detect if you are spied on
• files in the cloud
• as file watchs do detect spies on filesystems
• desktop.ini for Windows directories or zip files
• MSSQL & MYSQL
• Word / PDF documents
• a JS resource is used elsewhere