All sizes | Photo - Lockers Galore | Flickr - Photo Sharing!
"If you are logged into your Coursera account, any website that you visit can list your course enrollments.”

Coursera, one of the most popular online education platforms with over 9 million students, suffers from numerous critical privacy issues that put its students’ information at risk.

According to Stanford computer science instructor Jonathan Mayer, any teacher can access and download the entire user database, including millions of names and email addresses. In a blog post Mayer also explained that “if you are logged into your Coursera account, any website that you visit can list your course enrollments.”

Mayer outlined and even provided a working proof of concept  for the attacks that remain effective today.

Any website could theoretically take advantage of a data leak in Coursera’s software to learn a student’s entire course enrollment. Mayer said Coursera has yet to respond to his report on the vulnerability, though he reported the problem last week. Coursera responded with several fixes but has yet to close the hole through which teachers can find out information about students that the pupils don’t realize they’re giving up.

To download Coursera’s user database, anyone with an instructor account can take advantage of the website’s liberal use of autocomplete, a feature meant to provide smart suggestions to users when filling in forms but, in this case, is “inadvertently sharing too much.”

“That’s a questionable security model,” he said, “and it’s potentially inconsistent with Coursera’s privacy policy.”

H/T Ashkan Soltani | Photo via flakeparadigm/Flickr (CC BY-SA 2.0)

Promoted Stories Powered by Sharethrough
Debug
YouTube is reinventing science education
Mitchell Moffit and Gregory Brown teach you everything you wish you’d learned in chemistry class: "The Scientific Power of Naps,” the benefits of frozen veggies, and "What causes a Hangover?"
data
Pornhub's traffic took a dip upon the release of Fallout 4
Pornhub collects interesting stats on its viewers using Google Analytics. On Nov. 10, the day Bethesda Games released its latest and greatest installment in the Fallout franchise, Pornhub saw a dip in its traffic of gamers. Pornhub speculates that gamers were too busy playing with their joysticks to, well, you know the rest.
Group

Pure, uncut internet. Straight to your inbox.

Thanks for subscribing to our newsletter!