Our mission at TransferWise is to give you cheap, convenient, and instant money transfers. At the heart of this is trust and transparency — you should trust us to keep your money safe. And you should know exactly how we’re doing that. So, we’d like to update you on what the Security Team has been doing recently. We’ll also be sharing some tips on keeping your account safe.
We’re constantly investing in security, and we proactively protect your account from unauthorised access. As part of this, we’ve started checking for lists of email addresses and passwords that are posted online, and available to the public. They usually get there because they’ve been stolen during security breaches on other websites.
Recently, we checked a publicly-available list of email and password combinations that were exposed during data breaches on other websites. We identified a few thousand sets of login details that also work on TransferWise.
Instead, it indicates that some customers are using their TransferWise login details across multiple websites — including sites that have been breached in the past. To keep those customers safe, we reset their passwords, and let them know via email. They’ll need to reset their password the next time they log into TransferWise.
Our Security Team work (literally) around the clock to keep your account safe. But there are some extra things that you can do personally to make your account even safer.
Firstly, you can set a strong password that you only use on TransferWise. An online password manager — like 1Password or LastPass — can help you generate and store secure, unique passwords that make hackers’ lives harder.
Secondly, TransferWise offers 2-step login. This adds an extra layer of security to your account. As well as entering your password, you’ll need to enter a unique security code that’s sent to a personal device (like a phone or tablet), every time you log in. This makes it even harder for someone who’s not you to access your account.
To learn more about 2-step login, visit the ‘Settings’ tab in your TransferWise profile. Then, choose ‘2-step login’ and follow the instructions.
As part of this investigation, and future investigations like it, we’ll never share your email address with third parties. We also won’t try and identify which breach was responsible for leaking your information. If you’re interested in this, you can visit HaveIBeenPwned. It’s a reputable site for tracking breaches that might have exposed your personal information.
We take the trust our customers have placed in us seriously. So if you’ve got any questions or concerns about how we keep your account safe, get in touch on firstname.lastname@example.org. We’re always happy to help.