In an embarrassing security incident, the WeTransfer file sharing service announced that for two days it was sending it's users shared files to the wrong people. As this service is used to transfer what are considered private, and potentially sensitive files, this could be a big privacy issue for affected users.

WeTransfer posted a security notice on their web site that some accounts were logged out and had their passwords reset to protect their accounts and that they blocked access to the Transfer links that were involved in the incident. They did not, though, provide any further details on how this happened in the first place.

"This incident took place on June 16th and 17th, and upon discovery, we immediately took precautionary security measures to protect our users," stated WeTransfer's security notice. "This means that users might have been logged out of their account or asked to reset their password in order to safeguard their account. Additionally, we have blocked Transfer links to ensure the security of our users’ Transfers."
If this was simply a programming mistake on WeTransfer's end, it is peculiar that they had to reset user's passwords or felt the need to protect them. This could indicate a more serious issue, such as a breach of their network.

Link to the security notice: https://wetransfer.pr.co/178267-security-notice


Source: https://www.bleepingcomputer.com/news/se...ng-people/