Coursera's Security Potholes

COURSER-OOPS? "A funny thing happened on the way to Coursera," writes computer scientist and Stanford law professor, Jonathan Mayer, as he prepared to teach Stanford Law's first Coursera course. Mayer uncovered some surprising security loopholes as he poked around the platform, such as: "Any teacher can dump the entire user database, including over nine million names and email addresses." The post may be a tad technical for some but is a must-read for developers. It's humbling (and disturbing) to see a company with so much clout (and funding) slip up on security protocols that EdSurge engineers say are fairly standard.

Also worthy of note: Mayer shares that "Coursera and partner institutions have taken the position that offerings on the platform are not covered by the Family Educational Rights and Privacy Act (FERPA). Online courses do not have 'students,' they have 'participants.'"

UPDATE (9/5/14): Coursera Information Security Officer, Brennan Saeta, issued a statement following Mayer's post, saying the "security gaps have already been fully addressed" and finding "no reason to believe that our learners' personal information has been abused."

Stay up to date on edtech. News, research, and opportunities - sent weekly, for free.

Who we are

EdSurge helps schools and colleges find, select and use the right technology to support all learners.
© 2011-2017 EdSurge Inc. All rights reserved. Every student succeeds.