Epic privacy fail: WeTransfer shared its users' files with the wrong people
Sharing files using the cloud is very convenient, but understandably, some people are hesitant to do so with sensitive or private information. These privacy-conscious folks may be looked at as "paranoid" by some, but you know what? As more and more breaches occur, it is becoming harder to trust the cloud with files. And so, the "tinfoil hat" wearers start to look quite sensible.
As an example, popular cloud-based file-sharing service WeTransfer has failed in epic fashion. You see, the company not only shared files with the intended recipients, but with random strangers too! Yes, that private information you didn't want seen by anyone other than your intended audience may have been viewed by the wrong person. Good lord.
The file sharing service sent the following email to impacted users.
Dear WeTransfer user,
We are writing to let you know about a security incident in which a number of WeTransfer service emails were sent to the wrong people. This happened on June 16th and 17th. Our team has been working tirelessly to correct and contain this situation and find out how it happened.
We have learned that a transfer you sent or received was also delivered to some people it was not meant to go to. Our records show those files have been accessed, but almost certainly by the intended recipient. Nevertheless, as a precaution we blocked the link to prevent further downloads.
As your email address was also included in the transfer email, please keep an eye out for any suspicious or unusual emails you receive.
We understand how important your data is and never take your trust in our service for granted. If you have any questions or concerns, just reply to this email to contact our support team.
The WeTransfer Team
Well, it doesn't get much worse than that, folks. I mean, look, WeTransfer had one job -- share files with the correct friggin' people! Moving forward, it will be very hard for users to trust the company. Hell, they even exposed the sender's email address, which can lead to spam and phishing attempts too. Sigh.
Are you a WeTransfer user? Will you stop using the service as a result of this blunder? Please tell me in the comments below.
UPDATE: After BetaNews broke this news, WeTransfer shared more details on their website here. The company says it has forced some users to change passwords, meaning login credentials may have been stolen, but not definitely. They have also contacted authorities, signaling this may not be an accident, but a criminal breach.