Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Wow, the other comments weren't exaggerating. This is really bad. If my tax returns or other data were part of this, I might consider legal action.

I wonder if somewhere like Wired/Ars Technica/404media might pick this up?




Personally, this is the funniest one to me. It turns out Fiverr uses cloudinary for their internal documents as well. (Note: this one is not confidential and is public information)

https://fiverr-res.cloudinary.com/image/upload/f_pdf,q_auto/...


Shows you how much these certifications are worth in reality.


Absolutely worthless pieces of paper. We had the ISO 270001 and the physical security "walk tour" or whatever it's called; I could've outsourced that to a bunch of preschoolers walking around the offices and data center rooms and would've gotten the same result. The only _actually_ working way to protect your org is to continuously attack your own systems and see what part of it breaks or leaks data.


Clearly the real issue is their 27001 expired on 15/12/2025


I saw that too. Ddg didn't give me a lot of results. Beyond a few dozen


I saw that this was also reported on r/Fiverr[0]. It looks like an almost verbatim copy of this. I don’t see much discussion (so far).

[0] https://www.reddit.com/r/Fiverr/comments/1slzoey/other_atten...


Company is now telling media this is intended behavior and users knew these files were public / shared the URLs themselves. We need to get some media with wider scope to challenge that.


Right? On what planet does someone think that if they share a doc in a private 1on1 chat on Fiverr, that means the doc is going to be indexed by google. Shameless.


And additionally a failure to handle a responsible disclosure.


> I wonder if somewhere like Wired/Ars Technica/404media might pick this up?

Might also want to add El Reg [1] to the list.

1: https://www.theregister.com/


Thanks, tip lines were a good idea




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: