by janoelze 64 days ago
really bad stuff in the results. very easy to find API tokens, penetration test reports, confidential PDFs, internal APIs. Fiverr needs to immediately block all static asset access until this is resolved. business continuity should not be a concern here.

lots of admin credentials too, which have probably never been changed
admin passwords to dating sites, that's the stuff people get blackmailed with
How does someone's dating site password end up in Fiverr?
it's worse than you think – it's an admin password to the ~whole site~
How does an admin password to the whole site end up on Fiverr?
There are lots of passwords there (though one wonders if they were rotated). Basically, the people doing the hiring are sending PDFs with their credentials to the contractors to do the job.
Oh my. I feel for the tech team at Fiverr. I'm sure it's nasty in there. Sending virtual hugs.
They have a dating site password! They can get real hugs.
Personally I have more sympathy for the people who were screwed over by the incompetence of at least some of that tech team
Meanwhile, I hope they get sent to prison for being so cavalier with other people's PII.