What if your most sensitive information wasn’t hacked, stolen, or exfiltrated—but quietly made public through everyday business processes? This talk examines how sensitive files routinely escape into the public eye via search engines, file-hosting platforms, misconfigured cloud services, shared drives and servers, URL shorteners, forgotten upload paths, and other overlooked exposure points—often without triggering alerts or raising suspicion.
Drawing on experience in cybersecurity, information privacy, and private investigations, this session explores how attackers, journalists, and investigators systematically uncover sensitive data by pivoting across people, companies, domains, filenames, usernames, and keywords. Using nothing more exotic than internet search engines, specialized file-discovery tools, and an understanding of human error, this is a practical, reconnaissance-focused talk about finding what was “never meant to be public,” why these leaks are so persistent, and how defenders can identify and reduce this exposure before someone else does.
