How secure is WeTransfer for data exchange?

"You can send me the files via WeTransfer." You have surely heard this sentence more often. Even large companies send their files with WeTransfer. But what about data security? Can unauthorized persons access the data?

What is WeTransfer?

WeTransfer is a service for file transfer. With the help of this service, large files can be sent. The files are first uploaded to a cloud. The download link can then be shared with other people by e-mail. The data is stored on the file-sharing server for a certain period of time. The provider then deletes the files from the cloud again.

How to use WeTransfer

In the free version, users can send files up to 2 GB in size. A maximum of 3 recipients can be entered here, who can then download the content via a download link. However, the files do not remain available indefinitely. WeTransfer deletes this data in the free version after 7 days.

In the paid Pro version, data transfer of up to 20 GB is possible. You can send the files to up to 50 people.

Is the data transfer protected?

When it comes to the question of security, it is first important to know that some of the data is uploaded to servers in the USA. Although WeTransfer is based in the Netherlands, it uses storage locations in the United States. Thus, the EU's GDPR does not apply, but the "Patriot Act" and the "Cloud Act". These laws allow US authorities to access personal data. Your data is therefore not protected!

WeTransfer sent links to the wrong customers

In addition to the servers in the USA, sending the data transfer links also has a security problem. In the summer of 2019, WeTransfer accidentally sent big data to the wrong recipients. Here, download links were sent not only to the intended recipient, but also to third parties who were able to download the data. This gave unauthorized parties access to confidential data. WeTransfer reacted directly: the download was blocked immediately and all those affected were informed. However, it is not known how many users were affected by this security leak.

Customers should therefore be aware that there is a risk when uploading and sending files via the file-sharing system. Although it does not happen often, it is not completely impossible that files could unintentionally get to unauthorized persons.

This is what users should pay attention to

When you send large data via WeTransfer, you should be aware that it is first uploaded to the provider's cloud storage. Uploading to the platform and sending the links is usually encrypted. This process is therefore usually harmless. However, the situation becomes more critical at the recipient's end. The recipient receives the e-mail in unencrypted form so that he or she can download the data. This creates a security gap in the file transfer, which could allow third parties to intercept the e-mail and thus access the data.

To prevent possible misuse, you should not send any unencrypted and sensitive data via the platform. This applies especially to personal data, company files, tax returns, and private pictures and videos.

The alternative to WeTransfer is Suisse-Key

A secure alternative for the exchange of large files is Suisse-Key. With Suisse-Key you can also create links (URL's) for files you want to send, which can be sent by email. The recipient of the link can then download the file via WebBrowser. In contrast to WeTransfers, Suisse-Key uses end-to-end encrypted data transfer, all data always remains in Switzerland and the links can be password protected. The sender always retains complete control over his data.