85 million users, active since 2009, thousands of shared files every day. What about security? Is Wetransfer secure or are there any issues to consider?
In this article, we want to shed light on Wetransfer, a free file transfer service that has existed since 2009. Today it counts 85 million users and thousands of shared files daily. Its strong point is the simplicity to send documents up to 2GB to 20 email addresses simultaneously, without any subscription or registration to the site.
Wetransfer has also realized a community of artists around its service: from the launch date, Wetransfer has distributed 30% of the advertising background spaces to support and give notoriety to artists. This means every time people have a file to download, they can appreciate unique artworks, delivering value-added while they wait.
On this page, you’ll find:
Let’s go find out!
The first key element we analyse is the Wetransfer’s process to encode information. Wetransfer doesn’t use end-to-end encryption. In Wetransfer’s documentation, you can read that files are encrypted when:
Once files are stored, you can only access them with links sent from the sender to the recipient. However, we have to add a consideration: to access the Wetransfer files just a simple link is needed, while a password isn’t required. Thus, your files are safe only if the recipient preserves the link safely and if the sender does it too!
If the link was shared on Facebook, this would instantly expose your file to relevant privacy and security issues.
Without end-to-end encryption, the communication sender-receivers isn’t safe. Wherefore, if you send data via Wetransfer, you must be aware that this data is first uploaded to the provider’s cloud storage.
This creates a security gap in file transfer, where attackers could intercept the email and then access data. This means that Wetransfer is not really secure on this side.
Related reading: What is secure file transfer & why it changes the game
Several experts stated that today many clouds are used by companies for business purposes. Often these clouds have not been created for businesses and therefore don’t provide security guarantees for the data being exchanged!
Wetransfer is a service created for private users. If an enterprise shares sensitive data through this platform its data can be intercepted. Unfortunately, this is a situation that already happened in the past. In June 2019 a security incident happened: emails supporting Wetransfer services were sent to unwanted email addresses.
Criminal organizations know that companies use exchange services like Wetransfer and consequently exploit them to bypass cybersecurity at the email level. Therefore, Cyber-thieves know where and when these services are used and, for these reasons, can take advantage of them to spread malware.
Another unexpected event on this topic happened in 2015. There was a case of phishing: different users had received fake emails with which it was believed that the link to download was sent directly from the Wetransfer server, but, instead, it was a page that cheated the graphics, hosted on compromised servers that served as a “virus diffusion center”.
These are examples of a phenomenon that happens more and more frequently. Cybercrime is the greatest threat to every company in the world, and one of the biggest problems.
Cybersecurity Ventures, an official Annual Cybercrime Report, predicts “cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015” and that “a business will fall victim to a ransomware attack every 14 seconds by 2019, and every 11 seconds by 2021”.
Another problem concerns the "premium" service offered by Wetransfer to companies. The service allows the company to obtain a unique subdomain (for instance: examplecorp.wetransfer.com) and the ability to enter the brand and logo of your company on its upload/ download interface and on email notifications of the file transfer.
This is a loading portal open to anyone and whoever, without any verification, can use a company’s Wetransfer Plus URL to upload, send and host files. Uploaded files can be sent by email to anyone and the recipient receives an email with the company’s brand, even though no one at the company authorized it!
In line with the previous topic, Wetransfer uses storage locations in the United States for its service applying the “Patriot Act” and the “Cloud Act”. These laws allow US authorities to access personal information. For these reasons, your privacy isn’t guaranteed.
Related reading: How to protect your privacy online: 5 actionable tips!
“If you’re not paying for the product, then you are the product,” goes a saying that has been around since the 1970s. When applied to internet companies, the adage explains that even though some services appear free, they make money by some other means. This appears to be true even for Wetransfer. When you use this service you pay a price for its simplicity and comfort, a price that does not translate into “money”, but:
Related reading: Safest cloud storage of 2021: 9 best solutions
Wetransfer is a service demanded by many consumers. Most of them use it for its simplicity and convenience, but is Wetransfer secure? Not really since it makes every user’s privacy vulnerable. This problem is even more serious and urgent when the users are companies and there are business dynamics. The worst risk is the interception of files that can occur between sender and recipient.
Here, there are some solutions.
Cubbit is an innovative solution that was born in 2016. It’s the first distributed cloud provider without a data center that offers privacy by design and three levels of security:
These are steps on which Cubbit’s zero-knowledge encryption is based where no one, not even the provider, can access your files.
Moreover, in Cubbit, individuals and organizations can find specific services tailored for both of them.
An interesting feature is Cubbit Private Link that allows you to share your files safely because each file is protected by a private link. Thanks to this feature, if you want to send a file that only the recipient can see:
Thanks to this structure the communication sender-receiver is protected by end-to-end encryption and the risks of cybercrimes events don’t exist anymore.
For these reasons, Cubbit could be a revolution for your business guaranteeing you peace of mind.
We have answered to the question "Is Wetransfer secure?" and noticed that one of the most used services for file-transfer hides issues. This could be a risk for your privacy and file security. Nowadays it is essential to protect our personal information. This implies that we need to make conscious choices, especially when we navigate on the Internet and rely on free web service.
The punchline of this article is: stay aware, pay attention and find the optimal solution for yourselves and your company network.
Violation of privacy is a risk. When it happens, it has devastating consequences. You can avoid it.
Don’t ignore what concerns yourself. Get your Cubbit Cell and try it for 30 days, if you decide it's not for you we'll issue a full refund. Shipping included!
Subscribe not to miss new articles and updates about Cubbit.
Cinquanta aziende provenienti da tutto il territorio italiano e da svariati settori - servizi, ICT e tecnologia, industria, meccanica di precisione, consulenza, cooperative e consorzi, PA, agroalimentare e FMCG - hanno aderito al programma della startup bolognese membro di GaiaX. Prende così vita, a partire dall’Italia, la prima rete B2B di cloud storage distribuito in Europa.
Wouter is a patent attorney, formerly at Nokia. After the WeTransfer security flaw, he switched to Cubbit for a file backup with end to end encryption.
Intervistiamo Daniele Righi, Chief Innovation & Business Development Officer di Linkem - riguardo alla sperimentazione Linkem & Cubbit per un nuovo paradigma di cloud distribuito.
Learn how you can secure your files in the safest place on the internet - plus subscriber-only special news and offers.