The WeTransfer file-sharing platform reported a computer attack on June 16 and 17 and cannot guarantee that 232,000 people have reached the intended users.
WeTransfer acknowledges the data leak occurred because “a hacker added recipients to the service’s emails” and the messages were sent “to unwanted addresses. To use the platform, the user simply has to indicate the mail of the people to whom he wants to deliver the files and the web is responsible for distributing them. The attack caused the data to reach addresses not included in this list.
The first sign of alarm was the delay in the service. Internet users use this page to quickly send large files that, due to their large size, cannot be sent through the usual mail platforms. Although the time varies depending on the size of the document, those affected noticed how the process lasted for hours.
When the company detected the problem, it logged out “all users and changed passwords for affected accounts”. However, this could only be done with people who used WeTransfer Plus, the paid version of the website, as the free version does not require registration. In order to contain the hacking, the platform cancelled all download links of the affected emails. In this way, access was cut off to possible pirates but also to addresses included in the list of recipients.
The entity has already reported the attack to the police and hired a security company to conduct an investigation. “We have personally contacted the people whose transfers could have been seen or downloaded in order to be able to follow up,” they explained.