really bad stuff in the results. very easy to find API tokens, penetration test reports, confidental PDFs, internal APIs. Fiverr needs to immediately block all static asset access until this is resolved. business continuity should not be a concern here.
lots of admin credentials too, which have probably never been changed
admin passwords to dating sites, that's the stuff people get blackmailed with
How does someone's dating site password end up in Fiverr?
it's worse than you think – it's an admin password to the ~whole site~
Oh my. I feel for the tech team at fiverr. I'm sure it's nasty in there. Sending virtual hugs.