Hacker News new | ask | show | jobs
by evmaki 66 days ago
Extremely bad stuff here. Can't believe it's been 7 hours now and you can still pull up people's complete prepared tax returns right from a Google search. This should be a business-ending breach of trust and good practices, but I worry there's probably a lack of regulatory might or will to make anything happen.
4 comments
morpheuskafka 65 days ago
The company put out its first statement:

> “Fiverr does not proactively expose users’ private information. The content in question was shared by users in the normal course of marketplace activity to showcase work samples, under agreements and approvals between buyers and sellers. This type of content requires the buyer’s explicit consent before it can be uploaded. As always, any request to remove content is handled promptly by our team."

https://sqmagazine.co.uk/fiverr-security-flaw-private-docume...

It sounds like they are trying to claim the users involved published the links and that's why they are on Google? But how could anyone believe that multiple users intentionally published their SSN?

Re the takedown, I'm also guessing it's from Cloudinary. Maybe HTTP Referrer based?

link
janoelze 65 days ago
The DMCA takedown also suggests at least one user was not aware of that file being public. This all comes down to what that "sharing" action specifically looked like.

ChatGPT recently had a similar case with the sharing feature on conversations leading to publicly indexed convos. That incident would have also matched the implied definition of sharing here.

link
deepserket 66 days ago
It looks like they (cloudinary?) blocked the content.

Each result from the query site:fiverr-res.cloudinary.com form 1040 returns 404

link
abustamam 66 days ago
Yikes! It should not require the service provider to block PII, but at least someone plugged the leak.
link
TkTech 66 days ago
It's very unfortunate but a significant amount of the most damaging stuff in this is from the underprivileged and those with minimal means who were trying to find help they could afford. Non-profits trying to get website help, confidential reports for charities trying to get translations, children seeking therapy (fiverr has a therapy category!?) for some truly dark stuff.

Utterly inexcusable that this is still up after so many hours.

link
mellosouls 66 days ago
Technically, 40 days and 7 hours!
link
ChrisMarshallNY 66 days ago
...and forty nights...
link
kkarpkkarp 66 days ago
...since you leaked my data away
link