27.06.2019

WeTransfer has "security incident"

WeTransfer, a popular online service for sharing large files without having to worry about mailbox size, has had a “security incident”.

WeTransfer have emailed affected users and confirmed on the WeTransfer website that the service sent emails containing file transfer links to unintended email addresses between 16th June and 17th June 2019.

As a result, unauthorised recipients could have accessed private files that were sent via the trusted party.

In a statement by WeTransfer, the company commented:

“We discovered a security incident on Monday, June 17th, where e-mails supporting our services were sent to unintended e-mail addresses. We are currently informing potentially affected users and have informed the relevant authorities.

This incident took place on June 16th and 17th, and upon discovery, we immediately took precautionary security measures to protect our users. This means that users might have been logged out of their account or asked to reset their password in order to safeguard their account. Additionally, we have blocked Transfer links to ensure the security of our users’ transfers”.

From this statement there are still questions which needs answering;

  • How many users were affected?

  • How many email transfer links were sent to unauthorised parties?

  • How many email addresses were the errant file transfer link messages sent to?

  • Were the unauthorised email recipients seemingly random? Other users of WeTransfer? Or was it just a small number of email addresses that received all the messages?

  • Was this a screw-up or the result of a malicious act?

  • If it is believed it was malicious – have the authorities been informed?

  • What steps have been taken to prevent a similar incident occurring again in the future?

  • WeTransfer claims to be GDPR-compliant, and is based in the EU. Considering the potential sensitive nature of information that might have been being transferred, has the security breach been reported to data protection regulators?

If you want to send your personal or business communication securely, with inbox-to-inbox encryption and with 256-bit encryption, look no further than Frama!

Frama RMail is a new email security tool which ensures that standard emails and documents can be sent registered and encrypted directly in to the clients in box.

Top five reasons to choose the RMail solution

  • Unique Registered Receipt– Acertified, tamper-proof receipt containing all information about what was sent, when and to whom providing legally verifiable proof of delivery and content. All content is digitally sealed upon sending.

  • Stay compliant– End-to-end email encryption that is auditable and legally verifiable. This feature will ensure that your business is compliant under data protection legislation when sending sensitive/personal data via email.

  • Send to anyone- Ease of use for recipient, with no account or software required to open and/or reply within the encrypted environment.

  • Protecting your data– Unlike other email platforms, RMail does not store any of your information in the cloud.

  • Additional features as standard– As well as Registered Receipt and encryption, RMail also provides e-signature tools, the ability to send large files up to 1GB in size and anti-fraud detection to combat phishing and whaling attacks.

Contact us

  • we transfer logo