How we detect and notify users about leaked Datadog credentials

Datadog has partnered with GitHub and GitGuardian to protect its customers' accounts from the risk of leaked credentials, which can lead to data breaches and account takeovers. The company identifies potential leaks by scanning public repositories for keys in various locations such as configuration files, documentation, scripts, and more. Once a key is detected, Datadog notifies users via email or in-app notification on the API key management page. To mitigate the impact of leaked credentials, customers should revoke the compromised key immediately and monitor their account for suspicious activity. Additionally, implementing best practices such as defining scopes for application keys, using service accounts to manage them, regularly reviewing and revoking unused API keys, and creating multiple API keys for different purposes can help prevent future leaks.