Wheedle, which launched yesterday as a competitor to online auction site Trade Me, has gone into maintenance mode once again to fix several security and process flaws with its website.
An announcement sent out by Wheedle's managing director Carl Rees this afternoon says the site is closed for "a thorough update of its systems and processes".
"Operating issues were identified and our determination to ensure we can provide a level of service we are satisfied with means that we have elected to close the site until we can complete a comprehensive audit of our systems and make the necessary improvements," says Rees.
Wheedle experienced its first technical hiccup yesterday morning when its site was down for maintenance on the launch day.
It soon came to the attention of early adopters that user passwords can be retrieved by users via their emails in plain text. While this does not necessarily mean they aren't encrypted at the database level, it does mean it could be reversible.
Just tried a password recovery on Wheedle. Was emailed my password in plain text. Not cool. twitter.com/simantics/stat…
— Sim Ahmed (@simantics) September 30, 2012
Today the site was down for further temporary maintenance, when it was discovered that the reserve price and buy now prices of auctions could be tampered with by users other than the auctioneer.
You can buy anything for any price on Wheedle. Just visit wheedle.co.nz/Search/editpri… after viewing an auction, and set your desired reserve.
— nzben (@nzben) October 1, 2012
Rees told The NBR that the entire saga has damaged Wheedle's brand.
"It's a pain in the arse. It's hurting us," says Rees.
Rees says the development of the Wheedle website was outsourced to developers in India, but maintains that was not the problem as staff were overseeing the development there.
Rees told the NBR that the problem was simply due to the deadliest of programming sins, a lack of testing.
Trade Me is a part of Fairfax Media, which publishes Computerworld.