diff --git a/server.js b/server.js
index d97ff01..d442033 100644
--- a/server.js
+++ b/server.js
@@ -2474,12 +2474,20 @@ app.post("/services/:id/log", authMiddleware, async (req, res) => {
 // Ruta para LEER el historial de un servicio
 app.get("/services/:id/logs", authMiddleware, async (req, res) => {
 try {
- const q = await pool.query(
- "SELECT * FROM scraped_service_logs WHERE scraped_id = $1 ORDER BY created_at DESC",
- [req.params.id]
- );
+ // BLINDAJE: Cruzamos el log con la tabla scraped_services
+ // para asegurar que el servicio pertenece al dueƱo del token
+ const q = await pool.query(`
+ SELECT l.* FROM scraped_service_logs l
+ JOIN scraped_services s ON l.scraped_id = s.id
+ WHERE l.scraped_id = $1
+ AND s.owner_id = $2
+ ORDER BY l.created_at DESC
+ `, [req.params.id, req.user.accountId]);
+
 res.json({ ok: true, logs: q.rows });
- } catch(e) { res.status(500).json({ ok: false }); }
+ } catch(e) {
+ res.status(500).json({ ok: false });
+ }
 });
 
 // ==========================================
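Review bot: The reformatted `catch(e)` at the end of the `GET /services/:id/logs` handler still discards `e`, so a failure of the new ownership-scoped query returns a bare 500 and leaves nothing server-side to investigate; record it before responding, e.g. `console.error("GET /services/:id/logs failed", e);` (or the file's own logger, if it has one). Separately, a request for a service that belongs to another account now returns `{ ok: true, logs: [] }`, the same as an owned service with no history, which avoids an existence oracle but also means cross-account requests are neither rejected nor visible in any log. The hunk header shows the sibling `app.post("/services/:id/log", ...)` route, whose body is outside this hunk; it is worth confirming that the write path applies the same `s.owner_id = $2` check.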