diff --git a/app/controllers/export_csv_controller.rb b/app/controllers/export_csv_controller.rb
index af53d963b..74e341168 100644
--- a/app/controllers/export_csv_controller.rb
+++ b/app/controllers/export_csv_controller.rb
@@ -20,7 +20,7 @@ class ExportCsvController < ApplicationController
 export_initiated_by_user_id = UserExport.where(id: export_id)[0].user_id unless UserExport.where(id: export_id).empty?
 export_csv_path = UserExport.get_download_path(filename)
- if export_csv_path && export_initiated_by_user_id == current_user.id
+ if export_csv_path && current_user.present? && export_initiated_by_user_id == current_user.id
 send_file export_csv_path
 else
 render nothing: true, status: 404
diff --git a/spec/controllers/export_csv_controller_spec.rb b/spec/controllers/export_csv_controller_spec.rb
index 9975b2cf2..440ccc11e 100644
--- a/spec/controllers/export_csv_controller_spec.rb
+++ b/spec/controllers/export_csv_controller_spec.rb
@@ -3,6 +3,14 @@ require "spec_helper"
 describe ExportCsvController do
 let(:export_filename) { "user-archive-codinghorror-150115-234817-999.csv.gz" }
+ context "while not logged in" do
+ describe ".download" do
+ it "returns 404 when the unauthorized user tries to export csv file" do
+ get :show, id: export_filename
+ expect(response.status).to eq(404)
+ end
+ end
+ end
 context "while logged in as normal user" do
 before { @user = log_in(:user) }
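Review bot: The new `current_user.present?` test is the last thing evaluated, so an anonymous request still runs both `UserExport.where(id: export_id)` queries and the `get_download_path` lookup before being turned away; a guard clause at the top of the action, `return render nothing: true, status: 404 unless current_user`, rejects the request before touching the export record or the filesystem and keeps the `if` a plain ownership comparison. Before this change the same request would have reached `nil.id` on the `current_user.id` comparison and raised rather than 404'd, which is the defect the commit does fix; keeping a 404 for both "not yours" and "does not exist" is the right choice since it does not reveal whether the export exists. Separately, the first context line queries the same record twice (`[0].user_id` and `.empty?`); on Rails 4+ a single `export = UserExport.find_by(id: export_id)` followed by `export_initiated_by_user_id = export && export.user_id` does one round trip and reads more clearly. The `show` action begins outside this hunk, so where `export_id` and `filename` come from is not visible here.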