I linked to the press release because I know X links are frowned upon, but I think it doesn’t do the story justice.<p>Parker Conrad’s X thread is good: <a href="https://x.com/parkerconrad/status/1901615179718406276" rel="nofollow">https://x.com/parkerconrad/status/1901615179718406276</a><p>Here’s the full complaint: <a href="https://rippling2.imgix.net/Complaint.pdf" rel="nofollow">https://rippling2.imgix.net/Complaint.pdf</a>
This is a fantastic example of applying deception strategies in practice as part of a detection & response plan. The most common use case is as a canary, but it absolutely works as evidence of compromise, too.<p>I won't comment on the specifics of the case (the complaint comes across as very convincing), but I will remind people that it's common for investigations to ostensibly show an employee doing bad things, when in reality it's e.g. that employee's credentials/devices that are compromised.