Personally, this is the funniest one to me. It turns out Fiverr uses cloudinary for their internal documents as well. (Note: this one is not confidential and is public information)
Absolutely worthless pieces of paper. We had the ISO 270001 and the physical security "walk tour" or whatever it's called; I could've outsourced that to a bunch of preschoolers walking around the offices and data center rooms and would've gotten the same result. The only _actually_ working way to protect your org is to continuously attack your own systems and see what part of it breaks or leaks data.
Company is now telling media this is intended behavior and users knew these files were public / shared the URLs themselves. We need to get some media with wider scope to challenge that.
Right? On what planet does someone think that if they share a doc in a private 1on1 chat on Fiverr, that means the doc is going to be indexed by google. Shameless.
I wonder if somewhere like Wired/Ars Technica/404media might pick this up?