Coursera's Security Potholes

Data Privacy

Coursera's Security Potholes

Sep 4, 2014

COURSER-OOPS? "A funny thing happened on the way to Coursera," writes computer scientist and Stanford law professor, Jonathan Mayer, as he prepared to teach Stanford Law's first Coursera course. Mayer uncovered some surprising security loopholes as he poked around the platform, such as: "Any teacher can dump the entire user database, including over nine million names and email addresses." The post may be a tad technical for some but is a must-read for developers. It's humbling (and disturbing) to see a company with so much clout (and funding) slip up on security protocols that EdSurge engineers say are fairly standard.

Also worthy of note: Mayer shares that "Coursera and partner institutions have taken the position that offerings on the platform are not covered by the Family Educational Rights and Privacy Act (FERPA). Online courses do not have 'students,' they have 'participants.'"

UPDATE (9/5/14): Coursera Information Security Officer, Brennan Saeta, issued a statement following Mayer's post, saying the "security gaps have already been fully addressed" and finding "no reason to believe that our learners' personal information has been abused."

Learn more about EdSurge operations, ethics and policies here. Learn more about EdSurge supporters here.

More from EdSurge

Get our email newsletterSign me up
Keep up to date with our email newsletterSign me up