- the ability for bidders to change a sellers reserve (maybe it’s a feature?)
- unencrypted passwords being emailed to users who wish to reset their password
This is a commercial version of the Whaleoil scoop from last year, when I discovered the Labour Party had unencrypted access to their database through a website of theirs. Not only that, credit card information was put at risk, as was their entire email database. They blamed me for hacking, when in fact there was no hacking involved – just utterly inept website coding and a utterly contemptuous approach to security and protecting the information of others. They were more interested in attacking Pansy Wong than doing things properly. (The website with the open front door was an attack website about Pansy and her husband, which is how I found the breach in the first place).
It is alleged that Wheedle’s website is insecure because they paid peanuts for Indian coders who were sloppy.
It is far more likely that Wheedle have been using Labour Party coders.