You may have read in the press that Cloudflare - a service provider that Wise uses - was affected by a bug. That bug meant some of Cloudflare’s customer data was exposed.
As soon as we were aware of this, we got in touch with CloudFlare to establish whether Wise data was affected. We also launched our own checks.
We’ve done a full investigation alongside Cloudflare, and we are confident that Wise customer data is safe. We've included a detailed explanation at the bottom of this post.
What does Wise do to protect customer data?
We’ve got a specialised, in-house team that look after security. It’s their job to keep customer data watertight. They continually review and update our processes to ensure the integrity of our platform.
On top of that, we’re constantly monitoring and testing all of our services. This makes sure that our customers’ data is secure - and always protected. Plus, all communications between customer devices and our platforms are encrypted.
You can read more about our security systems on our FAQs.
Do I need to change my Wise password?
No, you don’t need to. But this is a good time to recap on some password best practice:
Make sure it’s strong - a strong password is long, made up of numbers and symbols, as well as both uppercase and lowercase letters.
Use different passwords across different websites and services - this means that if someone who isn’t you gets your password, they can only use it on one website.
We thought we'd share some of the background to how we deal with technical issues like the Cloudflare bug that was reported overnight.
It’s an extremely serious issue. There’s also a lot of wild speculation around - especially on social media. So we thought some readers would be interested in the facts.
The Wise team became aware of the Cloudflare bug early this morning. We immediately got in touch with CloudFlare to find out how our services were affected. We also began our own investigation.
What was the issue?
It’s important to note the nature of the leaks. At its peak, roughly 1 in every 3.3 million requests had the potential to leak into someone else's session. These leaks would often result in being rendered in a browser as meaningless characters in the bottom of the screen.
There’s no evidence that anyone was harvesting this transient leaked data for malicious purposes. But the internet has a ‘memory’ in the form of caches maintained mainly by search engines.
In the time between being informed of the bug and it being made public, Cloudflare has been constantly searching these caches for any of the inadvertently leaked information. The greatest threat (given that the bug itself was fixed) was for someone to harvest the leaked data from these caches.
What’s the outcome?
Both the Cloudflare and Wise teams are confident that no identifiable Wise or Wise customer data was found in these caches.
Some of our partners also use Cloudflare. So as a precaution, we’ve reset any credentials that we use to connect to those partners and service providers, such as API tokens. We’ve done this because these credentials are used repeatedly, and that means they’re statistically more likely to have been leaked.
We’ll be closely monitoring this situation over the coming days and weeks. And if you’ve got any questions at all, you can get in touch with us. We're happy to answer your questions.
Welcome to our quarterly trading update blog post where we will be going through our mission and financial highlights from the last three months, April to...
A fraudster had convinced Terry they were calling from his bank. They knew his name and address, their phone number even matched the one on the back of his...
What is the gender pay gap? Since 2017, companies with more than 250 employees in the UK have had to report a series of figures annually on the 5 April, as a...
Welcome to our quarterly trading update blog post where we will be going through our mission and financial highlights from the last three months, October to...
Over the past year, we started our journey as a public company. But our mission has remained the same. Taavet and I started Wise because the international...
Over a decade ago, Kristo and I were outraged by the sky-high fees banks charged us to transfer money between the UK and Estonia. So we started a Skype chat...