All sizes | Photo - Lockers Galore | Flickr - Photo Sharing!
"If you are logged into your Coursera account, any website that you visit can list your course enrollments.”

Coursera, one of the most popular online education platforms with over 9 million students, suffers from numerous critical privacy issues that put its students’ information at risk.

According to Stanford computer science instructor Jonathan Mayer, any teacher can access and download the entire user database, including millions of names and email addresses. In a blog post Mayer also explained that “if you are logged into your Coursera account, any website that you visit can list your course enrollments.”

Mayer outlined and even provided a working proof of concept  for the attacks that remain effective today.

Any website could theoretically take advantage of a data leak in Coursera’s software to learn a student’s entire course enrollment. Mayer said Coursera has yet to respond to his report on the vulnerability, though he reported the problem last week. Coursera responded with several fixes but has yet to close the hole through which teachers can find out information about students that the pupils don’t realize they’re giving up.

To download Coursera’s user database, anyone with an instructor account can take advantage of the website’s liberal use of autocomplete, a feature meant to provide smart suggestions to users when filling in forms but, in this case, is “inadvertently sharing too much.”

“That’s a questionable security model,” he said, “and it’s potentially inconsistent with Coursera’s privacy policy.”

H/T Ashkan Soltani | Photo via flakeparadigm/Flickr (CC BY-SA 2.0)

Promoted Stories Powered by Sharethrough
Debug
YouTube is reinventing science education
Mitchell Moffit and Gregory Brown teach you everything you wish you’d learned in chemistry class: "The Scientific Power of Naps,” the benefits of frozen veggies, and "What causes a Hangover?"
The Latest From Daily Dot Video
Group

Pure, uncut internet. Straight to your inbox.

Thanks for subscribing to our newsletter!