![]() ![]() What happened with WeTransfer is not an isolated incident but rather, a design flaw that consistently causes data breaches across mainstream file-sharing services. While we hang tight for more information about the security incident, let’s examine a key lesson learned from this latest security fail the importance of end-to-end encryption. ![]() To start with, how many users were affected in the incident and how many people were their files shared with? Was this the result of a bug or a malicious attack?Īnd perhaps most critically, what measures will they take to prevent similar issues from happening again in the future? Unfortunately, WeTransfer’s brief statement leaves us with more questions than answers. We are still investigating the complete scope and cause of the incident, and will update further as soon as possible.” “We understand how important our users’ data is and never take their trust in our service for granted. ![]() WeTransfer finishes the security notice by reassuring users that: They also blocked all Transfer links involved in the incident.In the meantime, they logged out of user accounts and force reset passwords.WeTransfer so far is unsure what the cause of the breach is.Files shared via the service on June 16-17 reached unintended recipients, number unknown.Last Friday, the popular file-sharing service started notifying users that they suffered a ‘security incident’ during which it sent shared files to unintended recipients for two whole days:Īpart from informing impacted customers by email, WeTransfer also posted a security notice on its website disclosing the security incident. If the answer is yes, you might want to check your inbox in case you’ve received some unfortunate news from them. It does have a slightly negative community score rating however, overall the site is likely safe.Did you send any files using WeTransfer on June 16 th and 17 th last week? Moreover, VirusTotal shows no security vendors have flagged the domain as malicious. In conclusion, the site doesn’t have malware and isn’t blacklisted according to Sucuri. You can see the same here: VirusTotal scan for the site. Lastly, I ran a malware scan with VirusTotal on the domain and no security vendor has flagged the domain as malicious. However, these hardening improvements don’t impact the Sucuri grade. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src Missing Content-Security-Policy directive. Missing security header to prevent Content Type sniffing. Alternatively, you can use Content-Security-Policy: frame-ancestors ‘none’. Missing security header for ClickJacking Protection. Some hardening improvements could be made such as adding a website firewall and solving the missing security headers listed below: Sucuri’s assessment of the site is that it is a low security risk, aka it is safe. Sucuri says the site doesn’t have malware and that no associated security vendor has blacklisted the domain. You can see the same here: Sucuri scan for the site. To try to confirm that the site is clean, I also checked the site on the online malware scanner Sucuri and it returned with no issues. I also ran a system-wide scan with Microsoft Defender and no malware was found. To check this further I ran malware scans with Malwarebytes and Spybot on my computer after browsing the site and they returned no malware detection. Using the Malwarebytes Browser Guard on my Edge browser, I browsed the site without any issues. I ran malware tests to find out if is safe and legit. Since 2009, the crawling has been steady and growing slightly each year, suggesting traffic has been in steady growth since 2009. WeTransfer was crawled by the Wayback Machine for a minimal amount in 2003 and then not again until late 2009. The Wayback Machine estimates was founded on September 20, 2003. As of December 2022, the site gets an estimated 109.3 million monthly views, according to SimilarWeb. WeTransfer was founded in 2009 and is based in Amsterdam, Netherlands. WeTransfer is one of the simplest methods for sending and sharing large file sizes over the internet. WeTransfer () is a website for uploading files and sending/sharing them with others. ![]()
0 Comments
Leave a Reply. |