Code Room
On-call | Medium | oc-g605
Subject Security secret logged at scale
Level Mid–Senior, ~30 min
Common in Security interviews
Industries Software development, Technology

Question

A developer notices during debugging that the payment service has been writing the full request body — including raw card numbers and a third-party processor API key passed in a header — into structured application logs since a logging change deployed 8 days ago. Those logs ship to your centralized logging platform (retained 90 days, searchable by ~200 employees) and a copy goes to a third-party log-analytics vendor. You're the on-call engineer who's been escalated to. Triage and contain.

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.
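
One of the "real signals" for scoping, as an added example that is not part of the original question: a scan over the structured logs that counts affected records per day and emits redacted copies, so the investigation does not copy card numbers or the API key into yet another system. The log schema (`ts`, `headers`, `body`), the header names and the sample records are assumptions constructed for illustration.

```python
import json
import re
from collections import Counter

# Assumed schema (not from the page): one JSON object per line with "ts",
# "headers" (dict) and "body" (str). The header names are hypothetical.
SENSITIVE_HEADERS = {"authorization", "x-api-key"}
PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits

def luhn_ok(digits):
    """Luhn checksum; filters out order ids and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pans(text):
    """Mask Luhn-valid card numbers; return (masked text, number masked)."""
    hits = 0
    def repl(m):
        nonlocal hits
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            return m.group()
        hits += 1
        return "[PAN ****" + digits[-4:] + "]"
    return PAN_CANDIDATE.sub(repl, text), hits

def scan(lines):
    """Return (affected-record count per day, redacted copies of all records)."""
    per_day, redacted = Counter(), []
    for line in lines:
        rec = json.loads(line)
        rec["body"], pans = mask_pans(rec.get("body", ""))
        headers = rec.get("headers", {})
        leaked = {h for h in headers if h.lower() in SENSITIVE_HEADERS}
        rec["headers"] = {h: "[REDACTED]" if h in leaked else v for h, v in headers.items()}
        if pans or leaked:
            per_day[rec["ts"][:10]] += 1
        redacted.append(rec)
    return per_day, redacted

SAMPLE = [  # constructed records; 4111 1111 1111 1111 is a standard test card number
    '{"ts": "2024-01-02T10:00:00Z", "headers": {"X-Api-Key": "constructed-key"}, "body": "{\\"card\\": \\"4111 1111 1111 1111\\"}"}',
    '{"ts": "2024-01-02T10:00:05Z", "headers": {"Accept": "*/*"}, "body": "{\\"order\\": \\"1234567890123456\\"}"}',
]
```

Calling `scan(SAMPLE)` flags only the first record: the 16-digit order id in the second fails the Luhn check and is left untouched.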
