People outside our company request view access on files that are only for invites

We’ve had several completely random people outside of our organisation requesting access to view files that they technically should never have known existed. How do they get access to our files? They have not been shared, they are all set to invite-only and only participants inside our organisation should be able to see these files. It’s happened at least 4 times with 4 different external people, all on supposedly locked and private files. These are company confidential files - how is this possible? How do we prevent this from happening?

Hi there,

I understand your concern. To confirm, have you set the file to “Anyone with the link”? I guess the user in question might have gained access to the link, viewed the file, and requested editing permissions.

I recommend changing the permissions to allow only team members with the link to view the file, rather than anyone in general. This will provide an added level of security.

You can learn more about file sharing permissions here: Share files and prototypes.

If you have more questions, please feel free to reach out to our support team. They can look into this:
https://help.figma.com/hc/en-us/requests/new?ticket_form_id=360005944714

Thanks,
Toku

Thanks, yes it is concerining, especially because the link setting is set to “Only those invited” and we haven’t invited anyone from outside the company. We haven’t even shared any links at all to this particular file. Thanks for the link to support, I’ll reach out there and see how we can resolve this.

1 Like