'Anyone with a link' became 'Anyone', exposing private files to public?

Question

I have been surprised today to receive a request for edit access from a random person outside of my organization that somehow could access a design file.

Design file was inside a Team space, in Professional plan with Share options ‘Anyone with a link’.  To my astonishment, when I clicked ‘Share’ button I saw literally ANYONE can see it!

How come? Has there be any changes recently to Figma access settings that turn ‘Anyone with a link’ to ‘Anyone’? That is a big difference and actually could lead to a very serious breach.

Nishant_Julian_Minj · Answer

Me and my team noticed this same issue on June 5, and were very surprised. Had to rush and change the access settings to Invite Only. The access settings used to be ‘Everyone at ‘Team Space’ can access this file’ (meaning members only) which suddenly switched to ‘Anyone’ (meaning Anyone, even those outside your organization, will be able to access this file.)

This is a big change and I’m not aware of any notifications from Figma team. This happened a day after the ‘Drafts’ update was rolled out. And yes, this is a serious breach.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded