diff --git a/src/pretix/base/models/base.py b/src/pretix/base/models/base.py
index 4d41e46980..1f09ec0f8a 100644
--- a/src/pretix/base/models/base.py
+++ b/src/pretix/base/models/base.py
@@ -5,12 +5,14 @@ from django.contrib.contenttypes.fields import GenericRelation
 from django.db import models
 from django.db.models.signals import post_delete
 from django.dispatch import receiver
+from django.utils.crypto import get_random_string
 
 from pretix.base.i18n import I18nJSONEncoder
 
 
 def cachedfile_name(instance, filename: str) -> str:
-    return 'cachedfiles/%012d.%s' % (instance.id, filename.split('.')[-1])
+    secret = get_random_string(length=12)
+    return 'cachedfiles/%s.%s.%s' % (instance.id, secret, filename.split('.')[-1])
 
 
 class CachedFile(models.Model):
diff --git a/src/pretix/base/views/cachedfiles.py b/src/pretix/base/views/cachedfiles.py
index 2f9735646b..b10f2d8c97 100644
--- a/src/pretix/base/views/cachedfiles.py
+++ b/src/pretix/base/views/cachedfiles.py
@@ -1,4 +1,6 @@
-from django.http import HttpRequest, HttpResponse
+import os
+
+from django.http import FileResponse, HttpRequest, HttpResponse
 from django.shortcuts import get_object_or_404, redirect
 from django.utils.functional import cached_property
 from django.views.generic import TemplateView
@@ -17,6 +19,9 @@ class DownloadView(TemplateView):
         if 'ajax' in request.GET:
             return HttpResponse('1' if self.object.file else '0')
         elif self.object.file:
-            return redirect(self.object.file.url)
+            resp = FileResponse(self.object.file.file, content_type=self.object.type)
+            _, ext = os.path.splitext(self.object.filename)
+            resp['Content-Disposition'] = 'attachment; filename="{}.{}"'.format(self.object.id, ext)
+            return resp
         else:
             return super().get(request, *args, **kwargs)