Privacy Vulnerabilities In Coursera, Including Exposed Student Email Addresses 31
An anonymous reader writes Coursera, the online education platform with over 9 million students, appears to have some serious privacy shortcomings. According to one of Stanford's instructors, 'any teacher can dump the entire user database, including over nine million names and email addresses.' Also, 'if you are logged into your Coursera account, any website that you visit can list your course enrollments.' The attack even has a working proof of concept [note: requires Coursera account]. A week after the problems were reported, Coursera still hasn't fixed them.
My personal data was leaked by Coursera (Score:3, Interesting)
The distribution list did not ask for permission or confirmation. The design errors didn't stay there: anyone could reply to the list and have the messages forwarded. In less then two hours, 47 angry students from around the world complained and asked each other to send an email to Coursera. Which I did. I only got an automated reply, and never heard back from them.
from: Jesse *, Jr.
reply-to: "Jesse *, Jr."
to:COURSERALAW-L@lists.ufl.edu
date: 17 July 2014 15:20
As someone who works with educational data (Score:2, Interesting)
As someone who works with educational data in higher education, I am completely unsurprised. Coming from an IT background, almost no one in education cares about data security - and no one understands FERPA anyway - and it's a miracle this hasn't happened more.
There's a lot more data out there than there used to be, and very few (if any) of the business software packages used in education seem to have the necessary granularity needed to give people access to only the data they need.