Fiverr exposed sensitive customer files including tax forms with PII through publicly accessible Cloudinary URLs, making them searchable on Google. The company failed to respond to responsible disclosure attempts for 40 days despite actively advertising tax preparation services. This represents a serious data privacy violation that could breach financial regulations like the GLBA Safeguards Rule.
Background
Fiverr is a popular gig economy platform where freelancers provide services to clients, often handling sensitive documents. Cloudinary is a cloud-based media management service commonly used for storing and processing files.
- Source: Hacker News (RSS)
- Published: Apr 15, 2026 at 02:56 AM
- Score: 8.0 / 10