- aa9ea0686c5d1aa9086d4b12c3aa05f2 s 50 d mm r g - WeTransfer security failure results in file transfer emails being sent to the wrong people

WeTransfer security failure results in file transfer emails being sent to the wrong people  - wetransfer 730 - WeTransfer security failure results in file transfer emails being sent to the wrong people

WeTransfer security failure results in file transfer emails being sent to the wrong people  - wetransfer 730 - WeTransfer security failure results in file transfer emails being sent to the wrong people

WeTransfer, the popular online service for sharing large files easily without having to worry about gobbling up email inbox quotas, has suffered what the is calling a “ incident.”

According to an advisory emailed to affected users, and confirmed on the WeTransfer website, the service sent emails containing file transfer links to unintended email addresses on June 16 and 17.

As a consequence, unauthorised parties could have accessed private files you were attempting to transfer to a trusted party.

WeTransfer notified users via email.  - wetransfer email - WeTransfer security failure results in file transfer emails being sent to the wrong people
WeTransfer notified users via email.

The statement on WeTransfer’s website read as follows:

We discovered a security incident on Monday, June 17th, where e-mails supporting our services were sent to unintended e-mail addresses. We are currently informing potentially affected users and have informed the relevant authorities.

This incident took place on June 16th and 17th, and upon discovery, we immediately took precautionary security measures to protect our users. This that users might have been logged out of their account or asked to reset their password in order to safeguard their account. Additionally, we have blocked Transfer links to ensure the security of our users’ Transfers.

Wetransfer email 1  - wetransfer email 1 - WeTransfer security failure results in file transfer emails being sent to the wrong people

Unfortunately, WeTransfer’s brief statement leaves plenty of questions hanging in the air:

  • How many users were affected? How many email transfer links were sent to unauthorised parties?
  • How many email addresses were the errant file transfer link messages sent to?
  • Were the unauthorised email recipients seemingly random? Other users of WeTransfer? Or was it just a small number of email addresses that received all the messages?
  • Was this a screw-up or the result of a malicious act?
  • If it is believed it was malicious – have the authorities been informed?
  • What steps have been taken to prevent a similar incident occurring again in the future?
  • WeTransfer claims to be GDPR-compliant, and is based in the EU. Considering the potential sensitive nature of information that might have been being transferred, has the security been reported to protection regulators?

The version of WeTransfer does not give you the option of password-protecting the download links it sends when you try to share a file with a friend or colleague.

My advice would be to always encrypt sensitive information with a hard-to-crack, unique password before entrusting it to a cloud-based file-sharing service like WeTransfer. And then, of course, use a different medium than email to get that password to the intended recipient.

At least that way you know that you’ve made it considerably less likely that an unauthorised party will be able to snoop through your information if the file-sharing service suffers a security snafu.


- aa9ea0686c5d1aa9086d4b12c3aa05f2 s 72 d mm r g - WeTransfer security failure results in file transfer emails being sent to the wrong people



Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here