eBay

Hmmm.. I am under the distinct impression that this is old news re-hashed...

I am pretty sure that they closed the site over the weekend a week or two back and "fixed" it then??

No, I couldn't get tracking info yesterday and the day before for probably just under a day.

Seems sus but now a bit worried. Tracking system isn't too crash hot as it is... now we have to worry about security breaches? 😞

That article doesn't explain the (alleged) breach very well - the issue (again, allegedly 😉 ), was that once a transaction was completed via C&S, anyone could alter the URL of the site - which contains an ID number - with randomly selected numbers and bring up someone else's completed transaction details. 

And yes, this happened a couple of weeks ago, with an announcement made by AP on the 4th of October: http://www2.ebay.com/aw/au/201210.shtml#2012-10-04165630

As has been noted several times, this is old news.

Old news perhaps, but it points to a system that has had IT security issues from the beginning which are very easily preventable.  And with rising Aus Post charges, I would expect much better.  Grumpph . . .

What a huge fuss about nothing, just like most of these scaremongering articles. If the press hadn't drawn attention to the issue just how many people would have tried to do this if they hadn't read about it? I suspect zero, I suspect AP found the problem themselves and then announced it and said their would be disruptions to the service while they did so.

I have only had a  problem with click & send twice and a quick phone call sorted them out quickly and efficiently and of course it was my ineptitude that caused them in the first place.

and I suspect that now you can use paypal to pay for click and send you can expect a lot more of it

the OP mentioned unencrypted passwords

... What a huge fuss aboput nothing PJ???? are your click and send, ebay and paypal passwords (if you use paypal to pay for click and send) being sent unencrypted to and fro on the internet?

The Op says yes, and it does not bother you??...

I do not think it is names and addresses of the person who bought the frilly red knickers is the "crux" of the security breach argument but rather the passwords.

Nicola Roxon is on the right track with mandatory data breach reporting

http://theconversation.edu.au/youve-been-hacked-why-data-breach-reporting-should-be-mandatory-10220

an excerpt

Entitled “Australian Privacy Breach Notification”, the discussion paper asks whether companies and other organisations should be required to report any breaches that occur to personal data they are storing.

Only a day after Ms Roxon released the discussion paper we saw a great example of why mandatory data-breach notification is required.

On Thursday Australia Post shut down its electronic parcel tracking service after a computer malfunction exposed the personal d...

rather than having the message delivered through the media the following day

Of course, Australia Post is not alone – many large Australian companies and organisations – includi...Telstra, Defence and Medvet – have suffered data breaches in the recent past.

What Ms Roxon didn’t say was the majority of companies don’t seem to take customer privacy very seriously.

Currently, if an Australia company suffers a data or security breach, they are encouraged (but not required) to disclose the details to the Privacy Commissioner.