alt Hacker NewsI don't really see what the issue is here? Someone with access to the URL (either the freelancer or the client) leaked it to Google, Google crawled it. How is this Fiverr's fault? I mean, okay, they could sign URLs, but it's not like they left a folder with directory listing on. Someone with access to the URLs, not them, willingly made the URLs public.
Users should have to be authenticated to access the resource, not just rely on the URL being a secret.