Fiverr exposes sensitive data via public URLs indexed by Google

📅 15 April 2026 at 08:34 UTC📰 Cyber InsiderView original source ↗

Fiverr appears to have exposed user-uploaded files through publicly accessible Cloudinary URLs, with many assets indexed by Google search results. The exposure was reported by user ‘morpheuskafka,' on Hacker News. CyberInsider’s independent verification confirms the platform serves files via a public CDN without authentication, though we did not directly test the presence of sensitive data. … The post Fiverr exposes sensitive data via public URLs indexed by Google appeared first on CyberInsider.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

Fiverr exposed user-uploaded files through publicly accessible Cloudinary URLs, allowing anyone to access sensitive data without authentication. This vulnerability could have been exploited by attackers to gain unauthorized access to business documents and identification records.

⚙️Technical Details

💥Impact Assessment

Severity: H

Who Is at Risk

Businesses and individuals using Fiverr, particularly those handling sensitive materials

🛡️Recommended Actions

1Fiverr should implement authentication for public Cloudinary URLs

2Users should review their file permissions on Fiverr

3Google search results should be filtered to exclude publicly accessible files

📦Affected Products

["Fiverr's web application"]

Read the full article

This is a curated summary. The complete article is available at Cyber Insider.

Read on Cyber Insider ↗

← Back to feed