Ever since the API token change introduced by JENKINS-32776, a legacy token is automagically generated on our install for the nonexistent user "unknown".

Legacy tokens have been disabled since updating to 2.130.

After manually revoking the token, it usually takes a few hours for it to magically reappear and then causes the red administrative monitor counter to (re-)appear in the toolbar.

Though I can revoke the token, I am unable to change it via the user admin page Change API Token button.