ctipilot.ch


PostHog rotates all AWS credentials after researcher-confirmed cloud exploit; EU and US clouds degraded

From CTI Daily Brief — 2026-06-01 · published 2026-06-01

PostHog, a widely deployed open-source product-analytics platform with managed EU Cloud and US Cloud offerings plus a large self-hosted base, disclosed a security incident on 30 May 2026 (01:03 UTC) after a security research team confirmed an exploit in one of its AWS environments. It rotated all AWS credentials within ~15 minutes, which degraded performance across both clouds (exports, reverse-proxy and dependent services) until PostHog marked the incident resolved at 07:16 UTC the same day (PostHog status, 2026-05-30). PostHog states that no keys were publicly accessible, that no customer data was compromised, that the issue was patched, and that the credential rotation, not the exploit, caused the outage. Independent reporting corroborated the event as a security incident with no customer data compromised (Risky Biz News, 2026-06-01). PostHog has not publicly disclosed the vector, the research team, or whether a CVE was assigned. The exploit was researcher-demonstrated, not observed in the wild. The incident is mapped to T1190 Exploit Public-Facing Application for the exposed AWS surface.