Last Friday, we informed our users about the security incident we discovered on June 17th. The incident took place across June 16th and 17th. With this update we would like to share the findings of our investigation.
Our support team first noticed unusual activity after seeing mail delivery problems to some of our users. Upon discovery, we logged out all WeTransfer Plus users as a precaution, reset the passwords of those that could potentially have been affected in the time frame of the incident, and blocked Transfer links to ensure the security of our users' content. Additionally, we hired an external security firm to assist with the investigation.
Our investigation shows that around 232.000 people - 2.5 percent of our users on June 16th and 17th - have been affected. These users have been informed about their specific situation. We believe that the vast majority have had their email addresses shared with no compromise of their Transfer data. We have reached out personally to users where our investigations have shown someone's transfer may have been viewed or downloaded, and we continue to follow up with them.
From our investigations we can currently conclude that the incident, which has since been resolved, was caused by a hacker adding recipients to our service emails. This resulted in our service emails being co-delivered to unintended email addresses. We have informed the data protection authorities and are working with the security firm and law enforcement on further investigating the incident.
We understand how important the data of our users is and never take their trust in our service for granted. We continue to work hard to make sure we keep our users’ data safe.