We review every single applicant so this doesn't sound right. It might be that rejection emails get batched and sent on a schedule. I can't find your resume based on your username but if you want to send me an email on tim at posthog dot com I will look into it.
We have a lower bound on our location based pay which is a percentage of salary in SF, which applies to both those locations. We fixed the currencies a while ago (so people's pay don't fluctuate up and down in local currencies), which is why those two locations have different pay now.
PostHog equips developers to build successful products by combining product analytics, feature flags, session replay, a data warehouse, CDP and many more.
* we have a public handbook (posthog.com/handbook) if you want to learn how we work, pay and more in complete detail.
* we are growing through more autonomy and transparency not through process.
* we have a ton of scale and a bunch of super interesting technical problems to solve
* we're building 20 more products over the next couple of years, so you could end up building one of those
* public compensation calculator! see immediately what you'd get paid
PostHog equips developers to build successful products by combining product analytics, feature flags, session replay, a data warehouse, CDP and many more.
* we have a public handbook (posthog.com/handbook) if you want to learn how we work, pay and more in complete detail.
* we are growing through more autonomy and transparency not through process.
* we have a ton of scale and a bunch of super interesting technical problems to solve
* we're building 20 more products over the next couple of years, so you could end up building one of those
* public compensation calculator! see immediately what you'd get paid
No, just the host that was running the package (the exploit was pretty generic and not targeted at PostHog specifically). In fact, so far we think there were 0 production deployments of PostHog because the package was only live for a little bit.
co-founder of PostHog here. We were a victim of this attack. We had a bunch of packages published a couple of hours ago. The main packages/versions affected were:
- posthog-node 4.18.1, 5.13.3 and 5.11.3
- posthog-js 1.297.3
- posthog-react-native 4.11.1
- posthog-docusaurus 2.0.6
We've rotated keys and passwords, unpublished all affected packages and have pushed new versions, so make sure you're on the latest version of our SDKs.
We're still figuring out how this key got compromised, and we'll follow up with a post-mortem. We'll update status.posthog.com with more updates as well.
We've rotated keys and passwords, unpublished all affected packages and have pushed new versions, so make sure you're on the latest version of our SDKs.
We're still figuring out how this key got compromised, and we'll follow up with a post-mortem. We'll update status.posthog.com with more updates as well.