An unpleasant incident better safetys occurred at the file sharing service WeTransfer as, as the company announced, it was sending shared files to the wrong people for two days.
The WeTransfer service is widely used worldwide for the transfer of large files, and this incident is considered a major security issue.
As of today, users of the service have started receiving emails from WeTransfer [ 1 , 2 , 3 ] who were informed that on June 16 and 17, the files sent with the WeTransfer service were also delivered to unrelated people. The email says that the team does not know what happened and that they are working to alleviate the situation.
The full text of this message is as follows:
Dear WeTransfer user,
We are writing to inform you of a security incident, to which many have been sent emails of the WeTransfer service to the wrong people. This happened on the 16th and 17th of June. Our team is working tirelessly to fix and contain this situation, as well as find out how it happened.
We understand that a transfer you made or received was also delivered to some people it was not intended to go to. Our records show that these files were accessed, but it is almost certain that it was by the intended recipient. Nevertheless, as a precaution we blocked her connection to prevent further downloads.
As your email address was also included in the transfer message, please be aware of any suspicious or unusual emails you may receive.
We understand how important your data is and we do not take for granted your trust in our service. If you have any questions or concerns, just reply to this email to contact support.
The WeTransfer Team
The WeTransfer service posted a security alert on its website, according to which some accounts were disconnected, reset their passwords to protect the accounts and that they blocked access to the transport links involved in the incident. However, they did not provide further details on how this happened.
Since the whole incident doesn't seem like a random programming error, there's a chance it's a more serious issue, like a breach of their network. If you have also seen strange behavior from the service, such as sending emails that do not concern you or difficulty access service or even if you received such a notification, please share your experience with a comment at the end of this article.