Before diving into the nitty-gritty of WeTransfer’s security practices, let’s briefly explain how the service works. WeTransfer is a file-sharing service that provides the simplest method of sending large files seamlessly across the globe. In fourteen years, it has expanded its services to include productivity and collaboration tools like WePresent and Paper.
WeTransfer provides encryption for files during transfer and storage on their servers. However, it's important to note that they don't provide end-to-end user encryption. This means that files can become vulnerable to unauthorised access when accessed or downloaded through a link, as they become unencrypted.
The existence of this loophole represents a significant security threat. It undermines the effectiveness of WeTransfer's other security measures, including their two-factor authentication (2FA) and the password protection feature available for subscribers of WeTransfer Pro and WeTransfer Premium.
To address this concern, WeTransfer claims to collaborate with two independent security companies and employs ethical "white-hat" hackers to search for vulnerabilities in their services. Additionally, the platform has partnered with Microsoft to enhance its monitoring system for malicious content.
WeTransfer's ease of use is a significant benefit; however, when you agree to WeTransfer's privacy policy or sign up for one of their paid plans, you expose yourself to many potential risks that outweigh the benefits of their service.
WeTransfer's free version is not entirely secure as the company only encrypts files and user data during transmission and storage without offering an option to secure the files with a password. This increases the risk of information leakage since the download links can be accessed easily by unauthorised parties in the event of a sender's error or service malfunction, as previously mentioned.
As a result, the sender has little control over who has access to the uploaded files. Therefore, avoiding sharing sensitive files through third-party service providers is best.
WeTransfer, like other online services, can be vulnerable to data breaches. In 2019, it accidentally transferred files to the wrong recipients for two days. This is a good example of how involving a third party in file transfers can create additional security concerns.
If you are a fan of WeTransfer’s user-friendly interface, it is important to note that it’s just as easy for a hacker to use. Hackers often use WeTransfer to create malicious URLs or files containing malware and send them to unsuspecting internet users through anonymous emails. The best action is to avoid clicking on suspicious-looking links or downloading files you were not expecting to receive.
WeTransfer collects personal information, including contact and payment details, and uses cookies to track data. Service providers also have access to your data. This could pose a security risk if WeTransfer's servers were hacked. Additionally, personal information may be disclosed under the USA Patriot Act due to servers being located in the US.