WeTransfer Blunders by Sending User Files to the Wrong Email Addresses

Published on June 22, 2019
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist
image source: wetransfer.com

WeTransfer has released a security notice, informing its userbase that several file packages sent between June 16 and 17 have ended up on the inbox of the wrong people. The mistaken transfer links have now been blocked, and the accounts that were affected by this issue have been reset, so their owners will be asked to set new passwords now. WeTransfer is a very popular cloud-based file transferring service that allows users to send files of up to 2 GB of size for free, to any email address they want.

For increased security, the service offers an optional password protection feature, which may have saved the day for the users who had their files sent to the wrong email addresses recently. In addition to the announcement, the users who have been affected by the security incident received an email. In this personal message, WeTransfer claims that the files reached the recipient they were intended for, but unfortunately also reached a number of additional people. How many these additional users are, remains a mystery. Could this mean that users may have sent their files to thousands? Since WeTransfer isn’t shedding any light on that part, it’s entirely plausible.

The other part of the incident that WeTransfe isn’t clarifying is the technical aspect, and what exactly caused the messing up of the email addresses. Since the affected users have had their accounts force-reset, we can deduce that there must have been a breach in the service’s systems. Nothing can be said with certainty, and WeTransfer promised to update the people with more information as soon as their internal investigation is concluded. Right now, the platform is informing the authorities of the incident, so we will have to wait before we know more about what happened.

WeTransfer has been around for a full decade now, and this is the first time ever that it has blundered so badly. The file transferring service has partly based its success on the fact that it has been so reliable, but of course, the danger of something like wrongful file distribution is always a possibility with Cloud platforms. In this case, the first signs show that we’re not dealing with an accidental misconfiguration, but a malicious act possibly carried out in a way to enable the infiltrators to grab millions of user files during the two days of the incident.

Have you received a letter from WeTransfer? Let us know in the comments down below, and help us spread the word by sharing this post through our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: