

This article was published on September 5, 2014

    Online learning platform Coursera fixes vulnerabilities, says no user data was compromised

    Story by Jon Russell

    Jon Russell was Asia Editor for The Next Web from 2011 to 2014. Originally from the UK, he lives in Bangkok, Thailand.

    Online learning platform Coursera said it has patched a vulnerability that left the names and email addresses of its nine million registered users potentially accessible to teachers registered with the service.

    The issue was raised by Stanford professor Jonathan Mayer. A registered teacher on Coursera himself, Mayer found that the site’s use of autocomplete left its database exposed to a potential data dump using the same technique as Weev’s infamous incident with AT&T.

    In addition, Mayer’s research suggested that third-party websites could be manipulated to gain access to a Coursera student’s course registration history. The professor also raised issues with the company’s confusing ID privacy policy.


    Coursera apologized for the issues in a blog post which confirmed it had “closed off the vulnerabilities that were uncovered” and worked with Mayer after he contacted them. That said, an investigation “found no reason to believe that these vulnerabilities were abused,” the company added.

    Coursera stressed that it has worked with security professionals while developing its site, but it had “focused less effort” on potential issues that would involve trusted partners such as teachers. That excuse seems rather flimsy given that the company has raised some $85 million (from a range of investors that include the World Bank and Yuri Milner’s DST Group), and the fact that these holes were fixed in a matter of days.
