Severity: medium | CWE-532 (Insertion of Sensitive Information into Log File) | OWASP A09:2021 (Security Logging and Monitoring Failures)

PII in Logs

Logging personally identifiable information (email, full name, IP address, phone number) creates privacy and compliance risks under GDPR and CCPA.

How It Works

Log aggregators retain data for weeks or months, are searchable by anyone with a dashboard login, and are often shared across teams and with third-party vendors. Logging full email addresses, names, or IP addresses (which count as personal data under GDPR) turns your log system into a personal data store: it becomes subject to access and erasure requests, breach notification requirements, and retention limits, usually without the access controls and encryption your primary database has. A log breach is then a personal data breach, and a support engineer tailing a log is processing personal data.

Vulnerable Code

// BAD: PII written to logs in plaintext
logger.info(`User ${user.email} (${user.fullName}) logged in from ${req.ip}`);
logger.error(`Payment failed for ${user.email}, card: ${card.number}`); // full card number is also PCI data
logger.debug('Request body:', req.body); // may contain PII from form fields, plus passwords and tokens

Secure Code

// GOOD: log stable identifiers, not PII
const crypto = require('crypto');
// HMAC with a secret key: an unkeyed hash of an IPv4 address is reversible by brute force over 2^32 values
const hash = (v) => crypto.createHmac('sha256', process.env.LOG_PSEUDONYM_KEY).update(v).digest('hex');
logger.info({ event: 'login', userId: user.id, ipHash: hash(req.ip) });
logger.error({ event: 'payment_failed', userId: user.id, last4: card.last4 });
// Never log req.body directly; log only the fields the event needs

Real-World Example

In May 2018, Twitter disclosed that a bug had written users' passwords in plaintext to an internal log before they were hashed, and advised all users to change their passwords. Twitter found no sign that the log had been accessed or misused, but because the data sat in an ordinary internal log store rather than the hardened credential system, the exposure still had to be treated and disclosed as an incident. Secrets and personal data that land in logs end up in exactly the systems that were never designed to protect them.

How to Prevent It

  • Never log email addresses, full names, phone numbers, or IP addresses in plaintext, in structured fields or interpolated into message strings
  • Use internal or pseudonymized user IDs in logs instead of identifiable information; an opaque ID still lets you correlate events for one user
  • Configure your logger to redact PII fields automatically, and where a value must remain correlatable, replace it with a keyed hash (HMAC with a secret), not a plain hash that can be brute-forced from a small input space
  • Document your log retention policy and ensure it's shorter than your data retention policy, so erasure requests do not have to be honoured in the log store as well

Affected Technologies

Node.js
