The CITE, a blog published by the National Association of College Stores, takes a look at the intersection of education and technology, highlighting issues that range from course materials to learning delivery to the student experience. Comments, discussion, feedback, and ideas are welcome.

Friday, September 12, 2014

Coursera Is Quick to Fix Possible Breach

While preparing to teach Stanford Law’s first Coursera class, the instructor stumbled across a potential breach that could have knocked Apple’s issues with a hack of iCloud security and compromising photos of entertainers out of the headlines. Jonathan Mayer, a computer scientist and lawyer, while setting up his massive open online course, was able to gain access to nine million Coursera names and email addresses.

In a blog post, Mayer wrote that: 
  • Any teacher can dump the entire user database, including over nine million names and email addresses.
  • Once logged into your Coursera account, any website that you visit can list your course enrollments.
  • Coursera’s privacy-protecting user IDs don’t protect much. 

Mayer alerted Coursera, which addressed the issues immediately and sent an apology to its users. Once the patches were completed, Mayer found plenty of improvements, but problems still exist.

“The bad news is that anyone with teacher access can still look up any individual student’s contact information, so long as he or she either knows the student’s internal ID (it’s embedded in many pages) or can guess a distinctive part of the student’s email address (maybe try first initial last name?),” he said. “That’s a questionable security model, and it’s potentially inconsistent with Coursera’s privacy policy.”

No comments: