How secure is WeTransfer?

Daniel Strain 19-Sep-2023 08:15:00
Laptop screen displaying the 'We' of the WeTransfer logo.

We’ve all been there; you must share a file with your colleague, but you’re met with the dreaded error message: “file too large”. In such situations, you might turn to WeTransfer. But is this really the best option for sharing files? 

At Netitude, we understand this issue all too well. Fortunately, our Cybersecurity expert, Shimon Sorga, has provided some insight into the security practices of WeTransfer, a widely used file-sharing service with over 80 million active users. Plus, Micheal Hamer (Virtual IT Director) provides his recommendation for external and internal file-sharing. 

Before diving into the nitty-gritty of WeTransfer’s security practices, let’s briefly explain how the service works. 

WeTransfer Explained

WeTransfer is a file-sharing service that provides the simplest method of sending large files seamlessly across the globe. In fourteen years, it has expanded its services to include productivity and collaboration tools like WePresent and Paper. 

How secure is WeTransfer?

WeTransfer provides encryption for files during transfer and storage on their servers. However, it's important to note that they don't provide end-to-end user encryption. This means that files can become vulnerable to unauthorised access when accessed or downloaded through a link, as they become unencrypted. 

The existence of this loophole represents a significant security threat. It undermines the effectiveness of WeTransfer's other security measures, including their two-factor authentication (2FA) and the password protection feature available for subscribers of WeTransfer Pro and WeTransfer Premium. 

To address this concern, WeTransfer claims to collaborate with two independent security companies and employs ethical "white-hat" hackers to search for vulnerabilities in their services. Additionally, the platform has partnered with Microsoft to enhance its monitoring system for malicious content. 

The risk of using WeTransfer

WeTransfer's ease of use is a significant benefit; however, when you agree to WeTransfer's privacy policy or sign up for one of their paid plans, you expose yourself to many potential risks that outweigh the benefits of their service. 

Leaked information and unauthorised access

WeTransfer's free version is not entirely secure as the company only encrypts files and user data during transmission and storage without offering an option to secure the files with a password. This increases the risk of information leakage since the download links can be accessed easily by unauthorised parties in the event of a sender's error or service malfunction, as previously mentioned.  

As a result, the sender has little control over who has access to the uploaded files. Therefore, avoiding sharing sensitive files through third-party service providers is best. 

Data breaches and security incidents

WeTransfer, like other online services, can be vulnerable to data breaches. In 2019, it accidentally transferred files to the wrong recipients for two days. This is a good example of how involving a third party in file transfers can create additional security concerns. 

If you are a fan of WeTransfer’s user-friendly interface, it is important to note that it’s just as easy for a hacker to use. Hackers often use WeTransfer to create malicious URLs or files containing malware and send them to unsuspecting internet users through anonymous emails. The best action is to avoid clicking on suspicious-looking links or downloading files you were not expecting to receive. 

Privacy and surveillance

WeTransfer collects personal information, including contact and payment details, and uses cookies to track data. Service providers also have access to your data. This could pose a security risk if WeTransfer's servers were hacked. Additionally, personal information may be disclosed under the USA Patriot Act due to servers being located in the US. 

What do our Technology Experts Recommend?

WeTransfer is a high-risk, low-reward service. Therefore, we don't recommend it to our clients. Instead, we suggest using a more secure file transfer service like Microsoft SharePoint. 

SharePoint allows you and your team to manage data better, easily and securely transfer files, and collaborate more effectively. 

Virtual IT Director Michael Hamer states, "When you share from SharePoint, your data stays completely under company control. Your IT team will have worked with your compliance and legal team to set up policies that help you to follow best practices and avoid sharing mistakes which could expose sensitive data more widely than expected"

Some benefits of SharePoint include secure cloud storage, real-time co-authoring, customisable permissions, and powerful search capabilities, all integrated with Microsoft 365 tools for increased productivity and effective version control. 

If you’d like to learn more about SharePoint and how Microsoft 365 can benefit your business, get in touch with one of our experts today.