Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Security Bug Cloud Databases Education Privacy

Privacy Vulnerabilities In Coursera, Including Exposed Student Email Addresses 31

Posted by timothy from the don't-I-know-you-from-the-semiotics-class? dept.
An anonymous reader writes Coursera, the online education platform with over 9 million students, appears to have some serious privacy shortcomings. According to one of Stanford's instructors, 'any teacher can dump the entire user database, including over nine million names and email addresses.' Also, 'if you are logged into your Coursera account, any website that you visit can list your course enrollments.' The attack even has a working proof of concept [note: requires Coursera account]. A week after the problems were reported, Coursera still hasn't fixed them.
This discussion has been archived. No new comments can be posted.

Privacy Vulnerabilities In Coursera, Including Exposed Student Email Addresses More

Privacy Vulnerabilities In Coursera, Including Exposed Student Email Addresses

Comments Filter:

  • My personal data was leaked by Coursera (Score:3, Interesting)

    by aBaldrich ( 1692238 ) on Thursday September 04, 2014 @03:48PM (#47829353)
    Back on Jul 17 an email arrived to my gmail inbox. Subject: "Earn an LL.M. in the United States in Less Than A Year". Sent by UF Levin College of Law, they spammed me and lots of courserans about a program "designed exclusively for graduates of law schools outside of the United States and from the U.S. Commonwealth of Puerto Rico who want to enhance their understanding of the laws and legal language and culture of the United States of America."
    The distribution list did not ask for permission or confirmation. The design errors didn't stay there: anyone could reply to the list and have the messages forwarded. In less then two hours, 47 angry students from around the world complained and asked each other to send an email to Coursera. Which I did. I only got an automated reply, and never heard back from them.

    from: Jesse *, Jr.
    reply-to: "Jesse *, Jr."
    to:COURSERALAW-L@lists.ufl.edu
    date: 17 July 2014 15:20

  • As someone who works with educational data (Score:2, Interesting)

    by Anonymous Coward on Thursday September 04, 2014 @04:12PM (#47829535)

    As someone who works with educational data in higher education, I am completely unsurprised. Coming from an IT background, almost no one in education cares about data security - and no one understands FERPA anyway - and it's a miracle this hasn't happened more.

    There's a lot more data out there than there used to be, and very few (if any) of the business software packages used in education seem to have the necessary granularity needed to give people access to only the data they need.

Slashdot Top Deals

Living on Earth may be expensive, but it includes an annual free trip around the Sun.

Close