alt Hacker NewsExtremely bad stuff here. Can't believe it's been 7 hours now and you can still pull up people's complete prepared tax returns right from a Google search. This should be a business-ending breach of trust and good practices, but I worry there's probably a lack of regulatory might or will to make anything happen.
Replies
It looks like they (cloudinary?) blocked the content.
Each result from the query site:fiverr-res.cloudinary.com form 1040 returns 404
It's very unfortunate but a significant amount of the most damaging stuff in this is from the underprivileged and those with minimal means who were trying to find help they could afford. Non-profits trying to get website help, confidential reports for charities trying to get translations, children seeking therapy (fiverr has a therapy category!?) for some truly dark stuff.
Utterly inexcusable that this is still up after so many hours.
The company put out its first statement:
> “Fiverr does not proactively expose users’ private information. The content in question was shared by users in the normal course of marketplace activity to showcase work samples, under agreements and approvals between buyers and sellers. This type of content requires the buyer’s explicit consent before it can be uploaded. As always, any request to remove content is handled promptly by our team."
https://sqmagazine.co.uk/fiverr-security-flaw-private-docume...
It sounds like they are trying to claim the users involved published the links and that's why they are on Google? But how could anyone believe that multiple users intentionally published their SSN?
Re the takedown, I'm also guessing it's from Cloudinary. Maybe HTTP Referrer based?