Advertisement
Tech

Online learning platform Coursera has a huge security flaw

“If you are logged into your Coursera account, any website that you visit can list your course enrollments.”

Photo of Patrick Howell O'Neill

Patrick Howell O'Neill

Article Lead Image

Coursera, one of the most popular online education platforms with over 9 million students, suffers from numerous critical privacy issues that put its students’ information at risk.

Featured Video

According to Stanford computer science instructor Jonathan Mayer, any teacher can access and download the entire user database, including millions of names and email addresses. In a blog post Mayer also explained that “if you are logged into your Coursera account, any website that you visit can list your course enrollments.”

Mayer outlined and even provided a working proof of concept  for the attacks that remain effective today.

Any website could theoretically take advantage of a data leak in Coursera’s software to learn a student’s entire course enrollment. Mayer said Coursera has yet to respond to his report on the vulnerability, though he reported the problem last week. Coursera responded with several fixes but has yet to close the hole through which teachers can find out information about students that the pupils don’t realize they’re giving up.

Advertisement

To download Coursera’s user database, anyone with an instructor account can take advantage of the website’s liberal use of autocomplete, a feature meant to provide smart suggestions to users when filling in forms but, in this case, is “inadvertently sharing too much.”

“That’s a questionable security model,” he said, “and it’s potentially inconsistent with Coursera’s privacy policy.”

H/T Ashkan Soltani | Photo via flakeparadigm/Flickr (CC BY-SA 2.0)

 
The Daily Dot