Fiverr Community Forum

Anyone logged in can download anyone's message/notifications attachments

Greetings to all!

I would love to report a Potential Data Leak/Customer data leak or even customer data stealing/etc… here. How Fiverr classifies it could be different, but this is something serious fiverr should perhaps look into and fix.

Any attachment that the customer communicates with seller or viz. And any attachments (specifically rar/zips) etc that is delivered by the seller under Notifications:

  • If I copy the link and give it someone else in fiver & If that “someone else” is logged into fiverr, he/she can download that file/attachment

Long story short - If USER-A has links of USER-B & if USER-A is logged in, then USER-B’s files can be downloaded by USER-A

Scenarios:

  • lets say you are in a environment where you’r internet activity is monitored by in-house/commercial security tools, and every link/url gets monitored.
  • lets say someone accidentally gets a hold of someones delivery link
2 Likes

Greetings and thank you!

If you haven´t yet, you should report this to Fiverr Customer Support directly too, then it may be looked into faster.

:arrow_right: https://support.fiverr.com/hc/en-us/requests/new

1 Like

Thank you!

Did So just now.

Thanks
Sriram

1 Like