Wheedle shuts down to fix security flaws

TradeMe competitor falters at first hurdle due to lack of software testing

Wheedle, which launched yesterday as a competitor to online auction site Trade Me, has gone into maintenance mode once again to fix several security and process flaws with its website.

An announcement sent out by Wheedle's managing director Carl Rees this afternoon says the site is closed for "a thorough update of its systems and processes".

"Operating issues were identified and our determination to ensure we can provide a level of service we are satisfied with means that we have elected to close the site until we can complete a comprehensive audit of our systems and make the necessary improvements," says Rees.

Wheedle experienced its first technical hiccup yesterday morning when its site was down for maintenance on the launch day.

It soon came to the attention of early adopters that user passwords can be retrieved by users via their emails in plain text. While this does not necessarily mean they aren't encrypted at the database level, it does mean it could be reversible.

Today the site was down for further temporary maintenance, when it was discovered that the reserve price and buy now prices of auctions could be tampered with by users other than the auctioneer.

Rees told The NBR that the entire saga has damaged Wheedle's brand.

"It's a pain in the arse. It's hurting us," says Rees.

Rees says the development of the Wheedle website was outsourced to developers in India, but maintains that was not the problem as staff were overseeing the development there.

Rees told the NBR that the problem was simply due to the deadliest of programming sins, a lack of testing.

Trade Me is a part of Fairfax Media, which publishes Computerworld.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments