Segment Write Key
Service Name: Segment
Service Description: Segment is a customer data platform (CDP) that helps businesses collect, clean, and control their customer data. It allows companies to send data to analytics tools, marketing platforms, CRMs, and other destinations with a single API.
Service Address: https://segment.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the workspace level in Segment's Access Management settings.
Secret Access Scope: Grants write access to send data to a specific Segment source. Write keys allow applications to send events, user traits, and other data to Segment for processing and distribution to connected destinations.
Secret Revokement URL: https://app.segment.com/workspaces/[workspace-id]/sources/[source-id]/settings
Secret Example: wOVEBgAkSCgzT8WDyQ9uQKxGRSdJ8kLk
Suspicious Activity Investigation Instructions:
- Review the Segment debugger to identify unusual event patterns or unexpected data being sent.
- Check the source's event volume in Segment to identify spikes or anomalies.
- Examine connected destinations to see if unauthorized data is being forwarded.
- Review IP addresses that have been using the write key in the Segment logs.
- Check for unauthorized integrations or destinations that may have been added.
Mitigation Instructions:
- Log in to your Segment workspace at app.segment.com.
- Navigate to the specific source that uses the compromised write key.
- Go to the source settings page.
- Click on "API Keys" or "Settings" section.
- Click "Reset Write Key" to invalidate the current key and generate a new one.
- Update all legitimate applications with the new write key.
- Review and update any IP restrictions in Access Management settings.
- Audit connected destinations and remove any unauthorized integrations.