An unpleasant security incident occurred in the WeTransfer file sharing service, as the company announced, for two days it was sending shared files to the wrong people.
The WeTransfer service is widely used worldwide for the transfer of large files, and this incident is considered a major security issue.
As of today, users of the service have started receiving emails from WeTransfer [ 1 , 2 , 3 ] who were informed that on June 16 and 17, the files sent with the WeTransfer service were also delivered to unrelated people. The email says that the team does not know what happened and that they are working to alleviate the situation.
The full text of this message is as follows:
Dear WeTransfer user,
We are writing to inform you of a security incident in which many WeTransfer emails have been sent to the wrong people. This happened on 16 and 17 June. Our team is working tirelessly to rectify and contain this situation, as well as to learn how it happened.
We understand that a transfer you made or received was also delivered to some people who did not intend to go. Our records show that these files were accessed, but it is almost certain that they were from the intended recipient. However, as a precaution we blocked the connection to prevent further downloads.
As your email address was also included in the transfer message, please be aware of any suspicious or unusual emails you may receive.
We understand how important your data is and we do not take for granted your trust in our service. If you have any questions or concerns, just reply to this email to contact support.
The WeTransfer Team
The WeTransfer service posted a security alert on its website, according to which some accounts were disconnected, reset their passwords to protect the accounts and that they blocked access to the transport links involved in the incident. However, they did not provide further details on how this happened.
Because the whole incident does not seem to be a random programming error, there is a possibility that it is a more serious issue, such as a breach of their network. If you have seen a strange behavior from the service, such as sending emails that do not concern you or difficulty in accessing the service or even if you have received such a notification, please share your experience with a comment at the end of this article.