As a PyPI package maintainer, you are tasked with publishing a top-secret package with sensitive information. But your repository has been hacked and the package files have been stolen. Track down the culprit and recover the files, using the trail of short-lived API tokens left behind.