Back to Engineering Blog

How secure is WeTransfer?

Send your files with peace of mind

How secure is WeTransfer?

People often ask me: how secure is WeTransfer? And I always respond: Very secure. But to be honest, that answer doesn’t really cut it. Because what does being very secure really mean? I’m sure Facebook, Twitter and the countless other platforms that have suffered data breaches would also have said they were very secure.

Security check

We have to realize that security is not a box you can tick and be done with. Security is a continuous process, it requires a maintained investment in order to decrease the risks you are exposed to. At WeTransfer, we take your security seriously and continuously invest in making our company and our products more secure. So rather than just saying I believe we are very secure, I’ll give you a brief overview of what we actually do.

From the moment you type into your browser, your security is our responsibility. As soon as you hit enter we create an encrypted connection, this means no-one can eavesdrop on what you do on our website. When you upload your files to us, they also travel over an encrypted connection so they cannot be intercepted. When we store your files on our servers, we again encrypt them, so even if people got hold of them they would not be able to read them. (And good luck getting to those files in the first place – we use data centers from AWS in Europe and the US, and these facilities are some of the most secure in the world.)

When you sign up for an account with us, we offer you the option to enable two-factor authentication (2FA). This adds an additional layer of security by not only asking you for something you know (your password), but also for something you have (a one-time code generated on your mobile phone). And whether you sign up or not, whenever you enter an email address on WeTransfer, we’ll ask you to verify that address. This confirms to us that you are who you say you are, and means people cannot impersonate you. Our Pro users can also create a password for each of their transfers, adding an extra layer of security for any sensitive files.

More ways than one

Security features like 2FA, strong passwords, and fortified encryption are crucial to providing a safe product. However, if attackers can find a backdoor into your data, those features are worthless. That’s why we work with two independent security consultancies who monitor our systems and perform regular penetration tests and red teams. It’s also why we set up our responsible disclosure program, paying ethical 'white-hat' hackers to find vulnerabilities so we can fix them before they are exploited.

We've set an internal goal of fostering a culture of security – we regularly perform internal phishing tests, host security awareness sessions for everyone in the company, and organize secure coding workshops for our engineering teams. Our security and abuse teams work tirelessly to continue to make our organization and our products more secure, so your transfer ends up exactly where you intended, and nowhere else.

Safety doesn’t end with your relationship to us. It’s also about the company you keep, and we work hard to make sure your neighbours on WeTransfer stay classy. We constantly monitor for phishing, spam and other types of malicious content. When we detect such material we immediately remove it from our platform. We also monitor for anomalies in user behaviour to stop hackers in their tracks. And if that wasn’t enough, all of this is done by automated systems using powerful heuristics, so there’s never another pair of (human) eyes on your files.

The security landscape is changing every day and we continue to change with it – so you can send your files with peace of mind.

Interested in joining us at WeTransfer?

Related articles

Build your own role-playing game: the business continuity plan drill

Disasters threatening a business’ ability to operate core functions don’t occur that often (phew!), but we do want to ensure we are prepared to keep our business running if they do. To practice disaster response skills, we run business continuity drills, and you can too with our 10-step plan!

Read More →

Threat intelligence sharing

This spike was linked to a sophisticated attack that attempted to abuse our platform in order to send out approximately 6000 transfers with malicious content in a short period of time.

Read More →

WeTransfer needs to be safe and secure. Simple.

Doing what it takes to solve a larger problem

Read More →