What looked correct
The support and account-management flow behaved normally and provided strong debugging visibility through structured logs.
Context
This issue occurred in a workflow where internal teams relied on logs to investigate user issues and system behavior across support and account-management paths.
What actually happened
Full request payloads were written to logs, capturing sensitive user data such as names, emails, phone numbers, and partial address details across multiple services.
Why it was missed
The issue was invisible in normal usage and did not surface in UI behavior or standard testing. Logging was treated as internal infrastructure, not as a data surface.
Why it matters
This creates silent data exposure across internal systems that are often broadly accessible. Over time, logs become a secondary data store, increasing the risk of unauthorized access, accidental sharing, or exposure through exports or third-party tools.
Outcome
The system retained observability while removing sensitive data from logs and limiting exposure across environments.