“You can send me the files via WeTransfer.” You have surely heard this phrase many times before. Even large companies send their files with WeTransfer . But what about data security? Can unauthorized persons access the data?
What is WeTransfer?
WeTransfer is a service for data exchange (engl. = File Transfer). With the help of this service you can send large files. The files are first uploaded to a cloud. The download link can then be shared with other people by email. The data is stored on the file sharing server for a certain period of time. The provider then delete files from the cloud again .
How to use WeTransfer
In the free version, users can send files of up to 2 GB . A maximum of 3 recipients can be entered here, who can then download the content via a download link. However, the files are not available indefinitely. WeTransfer deletes these files in the free version after 7 days.
In paid pro version data transfer of up to 20 GB is possible. You can send files to up to 50 people.
Is the data transfer secure?
When asking about security information it is important to know that some data is uploaded to servers in the United States. Although WeTransfer is based in the Netherlands, it uses storage locations in the United States. Therefore, the EU GDPR does not apply, but the ” Patriot Act ” and the ” Cloud Act “. These laws allow US authorities to access personal data. Your data is therefore not protected!
WeTransfer sent links to the wrong customers
In addition to servers in the USA, sending links for data transfer also presents a security problem. In the summer of 2019, WeTransfer inadvertently sent large data to the wrong recipients . Here, the download links were not only sent to the intended recipient, but also to third parties who were able to download the data. This allowed unauthorized persons to access confidential data. WeTransfer reacted directly: the download was immediately blocked and all interested parties were informed. However, it is not known how many users were affected by this security leak.
Customers should therefore be aware of the risk of uploading and sending files via the file sharing system. While it doesn’t happen very often, it cannot be completely ruled out that files may unintentionally end up in the hands of unauthorized people.
What users should consider
If you are sending large data via WeTransfer, please note that this data is first uploaded to the provider’s cloud storage. Uploading to the platform and sending links are usually encrypted. This process is therefore usually unscrupulous. However, it becomes more critical in the location of the recipient. Because it receives the email in unencrypted form so that you can download the data. This creates a security hole in file transfer where foreign people could intercept the mail and thus access the data.
To prevent possible misuse, do not send unencrypted and sensitive data via the platform. This applies in particular to personal data, business files, tax returns and private photos and videos.