Fiverr denies data leak allegations linked to cloud storage exposure

Fiverr, an online marketplace connecting freelancers with clients worldwide, has denied allegations that it exposed sensitive user data following claims that documents were publicly accessible through a cloud storage service. The company issued the response after reports surfaced that files containing personal information had been discovered online.

The controversy emerged after a security researcher using the alias “morpheuskafka” alleged that a publicly accessible instance of Cloudinary, a cloud-based media storage platform, contained sensitive Fiverr user documents. The materials reportedly included invoices, tax forms, driver’s licenses, credentials and other personal data shared between users on the platform.

Security researchers indicated that some of the files were indexed by search engines, making them discoverable through public search results. The exposure was attributed to the use of publicly accessible URLs, which may have allowed certain shared files to be viewed without restrictions if indexed.

Fiverr rejected the claims, stating that the situation does not constitute a cybersecurity incident. The company said the content in question was uploaded by users during normal marketplace activity, often as part of work samples or project-related exchanges between buyers and sellers. It added that such uploads require user consent and are governed by agreements between parties on the platform.

The company also said it does not proactively expose private user information and emphasized that requests to remove content are handled promptly.

Additional claims circulating online suggested that the data may have been accessible for several weeks prior to public disclosure and that attempts were made to alert the company before the information was shared more widely. The alleged exposure has drawn attention to potential risks associated with third-party storage services and the handling of sensitive data within digital marketplaces.