Pii detected in logs

firetail:insight-pii-detected-in-logs

Type:

Detection

Rule Severity:

Medium

Personally Identifiable Information (PII) has been detected in logs.

Personally Identifiable Information (PII) has been detected in API logs.
This indicates that the API is logging sensitive user data—such as names, email addresses, phone numbers, or government-issued identifiers—which could result in privacy violations or regulatory non-compliance.

Logging PII, even unintentionally, creates a significant security and compliance risk. APIs that log request/response payloads without sanitization may inadvertently store sensitive user information that is accessible to attackers, developers, or third-party services.

Remediation

Ensure that sensitive information is not being captured or stored. Implement data redaction or tokenization before logging request or response data. Review your logging configurations to confirm they align with data protection policies and compliance requirements such as GDPR and HIPAA.
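One way to apply the redaction step before a payload reaches the log sink, as an added example that is not FireTail's own code: a `logging.Filter` that masks known sensitive field names and PII-looking substrings (the key set and regexes are assumptions to be extended for your API's schema), shown against a constructed request body.

```python
import json
import logging
import re

# Assumed field names and patterns; extend them for your own API's schema.
SENSITIVE_KEYS = {"name", "full_name", "email", "phone", "address", "national_id", "ssn"}
PII_PATTERNS = [
    re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),  # email address
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),                          # SSN-style national ID
    re.compile(r"\+?\d[\d\s().-]{8,}\d"),                           # phone number
]
MASK = "[REDACTED]"

def redact(value):
    """Recursively mask sensitive keys and PII-looking substrings in a payload."""
    if isinstance(value, dict):
        return {k: (MASK if k.lower() in SENSITIVE_KEYS else redact(v)) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str):
        for pattern in PII_PATTERNS:
            value = pattern.sub(MASK, value)
    return value  # ints, bools and None are left as they are

class PIIRedactingFilter(logging.Filter):
    """Sanitise the record before any handler formats or stores it."""
    def filter(self, record):
        if isinstance(record.msg, (dict, list)):
            record.msg = json.dumps(redact(record.msg))   # structured payload -> redacted JSON
        elif isinstance(record.msg, str):
            record.msg = redact(record.msg)
        if isinstance(record.args, tuple):
            record.args = tuple(redact(a) for a in record.args)
        return True

def sanitized_log_line(payload):
    """Build a record for `payload`, run it through the filter and return the emitted text."""
    record = logging.LogRecord("api", logging.INFO, "", 0, payload, None, None)
    PIIRedactingFilter().filter(record)
    return record.getMessage()

# Constructed sample request body, not real user data.
SAMPLE_REQUEST = {
    "user": {"full_name": "Jane Doe", "email": "jane@example.com", "phone": "+1 555 010 0199"},
    "note": "call me at 555-010-0199 or jane@example.com",
    "order_id": 4711,
}
```

Attach the filter with `logger.addFilter(PIIRedactingFilter())` on the logger that receives request/response bodies so every handler behind it only ever sees the redacted form.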

Example Attack Scenario

An attacker gains access to API logs through a misconfigured logging dashboard or compromised credentials. Within the logs, they find user-submitted form data containing full names, home addresses, and national ID numbers. This information is exfiltrated and sold, leading to identity theft and a reportable data breach.

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications.

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications.