Skip to content

PostHog

Service Name: PostHog

Service Description: PostHog is an open-source product analytics platform that helps teams understand user behavior. It offers features like event tracking, session recording, feature flags, and A/B testing to help businesses make data-driven decisions.

Service Address: https://posthog.com/

  • Validation Type: API Auth
  • IP Allow list: Does not exist
  • Secret Access Scope: Grants access to PostHog analytics data, feature flags,

and admin capabilities.

  • Secret Revokement URL: Does not exist
  • Secret Example:

phc_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9

  • Suspicious Activity Investigation Instructions:
  • Check PostHog dashboard for unusual data access patterns
  • Review API usage logs for unexpected API calls
  • Monitor for unusual data exports or configuration changes
  • Check for unauthorized feature flag changes
  • Verify if any new team members have been added without authorization
  • Mitigation Instructions:
  • Log in to your PostHog account
  • Navigate to Project Settings
  • Select API Keys

PostHog API Key

  • Identify the compromised key
  • Click "Revoke" next to the compromised key
  • Create a new API key if needed
  • Update all applications using the old key with the new key