Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on September 5, 2014

Online learning platform Coursera fixes vulnerabilities, says no user data was compromised


Online learning platform Coursera fixes vulnerabilities, says no user data was compromised

Online learning platform Coursera said it has patched a vulnerability that left the names and email address of its nine million registered users potentially accessible to teachers registered with the service.

The issue was raised by Stanford professor Jonathan Mayer. A registered teacher on Coursera himself, Mayer found that the site’s use of autocomplete left its database exposed to a potential data dump using the same technique as Weev’s infamous incident with AT&T.

In addition, Mayer’s research suggested that third party websites could be manipulated to gain access to a Coursera’s student’s course registration history. The professor also raised issues with the company’s confusing ID privacy policy.

Screenshot 2014-09-05 19.09.15

Coursera apologized for the issues in a blog post which confirmed it had “closed off the vulnerabilities that were uncovered” and worked with Mayer after he contacted them. That said, an investigation “found no reason to believe that these vulnerabilities were abused,” the company added.

Coursera stressed that it has worked with security professions while developing its site, but it had “focused less effort” on potential issues that would involve trusted partners such as teachers. That excuse seems rather flimsy given that the company has raised some $85 million (from a range of investors that include the World Bank and Yuri Milner’s DST Group), and the fact that these holes were fixed in a matter of days.

Image via Yuko Honda / Flickr

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Published
Back to top