Many Magento stores integrate with third-party logging, monitoring, or analytics services (e.g., New Relic, Datadog, Splunk, Loggly). If sensitive data such as API keys, session tokens, credit card details, or Personally Identifiable Information (PII) are sent to external logging systems without sanitization, it creates a data leakage risk. These services may store logs for years, outside of your direct control.
Sanitizing logs before sending them to third parties ensures compliance with PCI DSS and GDPR, and prevents accidental disclosure of secrets and sensitive customer data.
# Search for sensitive fields in log exporters
grep -R "password" app/code vendor/ | grep log
grep -R "api_key" app/code vendor/ | grep log
# Expected: sensitive fields masked or excluded
# Place test order and inspect logs in third-party system
# Expected: no card numbers, CVVs, session IDs, or plaintext credentials
# Log entry sent to external service
{
"email": "jane.doe@example.com",
"card_number": "4111111111111111",
"cvv": "123"
}
# FAIL: Sensitive PII and PCI data logged in cleartext
# Sanitized log entry
{
"email": "[redacted]",
"card_number": "****1111",
"cvv": "***"
}
# PASS: Sensitive fields masked before export
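One way to enforce the masking shown above at the logger rather than at each call site, as an added example (not Magento's or Monolog's own code): a processor in the Monolog 2 callable-array shape that Magento's logger uses, which rewrites the record before any handler ships it to an external service. The key lists and the class name are assumptions to adapt to your store.

```php
<?php
declare(strict_types=1);

// Hypothetical processor (added example, not Magento or Monolog code) that masks
// sensitive fields in a log record before any handler exports it. Assumes the
// Monolog 2 array record shape ('message', 'context', 'extra', ...).
final class SensitiveDataProcessor
{
    // Key lists are assumptions for illustration; extend them for your store.
    private const DROP_KEYS = ['cvv', 'cvc', 'password', 'api_key', 'secret', 'token', 'session_id'];
    private const TAIL_KEYS = ['card_number', 'cc_number', 'pan'];
    private const REDACT_KEYS = ['email', 'telephone', 'street', 'postcode'];

    public function __invoke(array $record): array
    {
        $record['context'] = $this->sanitize($record['context'] ?? []);
        $record['extra'] = $this->sanitize($record['extra'] ?? []);
        return $record;
    }

    public function sanitize(array $data): array
    {
        foreach ($data as $key => $value) {
            $name = strtolower((string) $key);
            if (is_array($value)) {
                $data[$key] = $this->sanitize($value);          // nested payloads
            } elseif (in_array($name, self::DROP_KEYS, true)) {
                $data[$key] = '***';                             // never export, even partially
            } elseif (in_array($name, self::TAIL_KEYS, true)) {
                $digits = preg_replace('/\D/', '', (string) $value) ?? '';
                $data[$key] = '****' . substr($digits, -4);      // keep the last four digits only
            } elseif (in_array($name, self::REDACT_KEYS, true)) {
                $data[$key] = '[redacted]';
            } elseif (is_string($value)) {
                // Catch 13-19 digit PANs embedded in free text, e.g. "card 4111 1111 1111 1111 declined".
                // Deliberately conservative: other long digit runs (some timestamps) are masked too.
                $data[$key] = preg_replace('/\b(?:\d[ -]?){9,15}(\d{4})\b/', '****$1', $value) ?? $value;
            }
        }
        return $data;
    }
}

// Register once so every handler, including the one exporting to a third party,
// receives the masked record:
// $logger->pushProcessor(new SensitiveDataProcessor());
```

Run the test order from the check above after registering the processor and confirm the third-party system shows only the masked values; masking at the processor level also covers exception context arrays that individual modules forget to scrub.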