WeTransfer Sent Customer's Files to Incorrect Recipients

Today we heard some news which had passed relatively quietly through the usual media outlets, despite it being highly embarrassing for the cloud-based managed file transfer vendor WeTransfer.

On the 21st of June 2019, WeTransfer started to send security incident email warnings to their customers. Letting them know that between the 16th and 17th of the same month, some files sent by users of the system had their files sent to the wrong recipient.

Not only does this constitute a violation of the GDPR, depending on the content of the files; but is highly embarrassing for WeTransfer as they acknowledge that they have no idea as to how this has happened.

WeTransfer Email MFT Mistake

As a result of this problem, WeTransfer decided to log some user accounts out and initiate a reset password process. This is a curious approach to the issue they have suffered, with some commentators and websites pointing out that this could be a sign of something more sinister, such as a network breach.

However, it is important to point out that at this stage we do not have any information to confirm this.

For more information about this security incident and how it develops, please refer to WeTransfer's security notice on their website.


How Managed File Transfer Can Help

While WeTransfer's customers would undoubtedly be surprised and upset by this development, some may find their views on using cloud software for the transfer of sensitive data too risky, now justified.

Progress MOVEit Transfer, Fortra's GoAnywhere and Globalscape and Axway are well-known and respected managed file transfer solutions which are available in three architectural flavours: cloud, Microsoft Azure and crucially, an on-premise self-hosted software option.

Comparable to the process of sending a file in WeTransfer, Managed File Transfer can mimic the action of sending an email with an attachment but securing the attachment using encryption, and therefore protecting its content from unauthorised access.

These tools are not capable of sending sensitive content to unknown recipients through cross-contamination, for the simple reason that it is not a shared environment, as WeTransfer is.

If you would like to learn more about Managed File Transfer and how it can help with your need to transfer sensitive files and messages, you can book a meeting with one of our solution specialists.

About the Author

headshot of Christ Payne, Director of Strategic Alliances and Technical at Pro2col


Chris Payne is the Director of Strategic Alliances and Technical at Pro2col, with decades of experience in software management and Managed File Transfer solutions. Chris is not your traditional techie with server racks under the stairs. He advocates for a healthy work/life balance, saving his love for technology for work and developing his passion for craft beer at home. Chris is a qualified brewer and has on occasion whipped out the brewing equipment. He’ll be up for a Friday pint.

Find out more about Chris Payne here.