Coursera Patched Vulnerabilities Found by a Surveillance Law Professor

The Citizen's Guide to the Future
Sept. 5 2014 12:43 PM

Coursera Patched Vulnerabilities Found by a Surveillance Law Professor

Coursera says it will step up its cybersecurity game.

Screencap from Coursera.

Jonathan Mayer, a computer scientist and lawyer, is teaching Stanford Law’s first Coursera class beginning in October. While setting everything up, he’s been “extensively poking around the platform,” and in the process he found a bunch of vulnerabilities, which he outlined them in a blog post. Now Coursera is patching them.

Mayer pointed out that any registered Coursera instructor could use the site’s autocomplete feature to access the platform’s whole user database, which includes information like names and email addresses for 9 million accounts. He also noticed that once users were logged into Coursera, third-party services could potentially access their course registration histories.


In a statement posted early Friday morning, Coursera said that it has patched the vulnerabilities:

We deeply apologize to our learners for any potential risk to their privacy. In our investigation, we have found no reason to believe that our learners’ personal information has been abused. Our team responded immediately to Dr. Mayer’s report, and has now closed off the vulnerabilities that were uncovered. We continue to monitor and improve our platform to provide the best and safest experience to all learners.

It’s heartening that Coursera reacted so quickly to fix the security flaws, but it is a little strange that in its statement Coursera admits to “focus[ing] less effort on deflecting malicious attacks that might be made by one of our trusted partners.” It makes sense to assume that a partner in good standing won’t itself initiate an attack, but leaving data exposed that should be private is problematic no matter what. A malicious hacker can exploit a “trusted partner” just as easily as an untrusted one if a vulnerability exists.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.



Slate Plus Early Read: The Self-Made Man

The story of America’s most pliable, pernicious, irrepressible myth.

Rehtaeh Parsons Was the Most Famous Victim in Canada. Now, Journalists Can’t Even Say Her Name.

Mitt Romney May Be Weighing a 2016 Run. That Would Be a Big Mistake.

Amazing Photos From Hong Kong’s Umbrella Revolution

Transparent Is the Fall’s Only Great New Show

The XX Factor

Rehtaeh Parsons Was the Most Famous Victim in Canada

Now, journalists can't even say her name.


Lena Dunham, the Book

More shtick than honesty in Not That Kind of Girl.

What a Juicy New Book About Diane Sawyer and Katie Couric Fails to Tell Us About the TV News Business

Does Your Child Have Sluggish Cognitive Tempo? Or Is That Just a Disorder Made Up to Scare You?

  News & Politics
Sept. 29 2014 10:00 PM “Everything Must Change in Italy” An interview with Italian Prime Minster Matteo Renzi.
Sept. 29 2014 7:01 PM We May Never Know If Larry Ellison Flew a Fighter Jet Under the Golden Gate Bridge
Dear Prudence
Sept. 29 2014 3:10 PM The Lonely Teetotaler Prudie counsels a letter writer who doesn’t drink alcohol—and is constantly harassed by others for it.
  Double X
The XX Factor
Sept. 29 2014 1:52 PM Do Not Fear California’s New Affirmative Consent Law
  Slate Plus
Slate Fare
Sept. 29 2014 8:45 AM Slate Isn’t Too Liberal, but … What readers said about the magazine’s bias and balance.
Brow Beat
Sept. 29 2014 9:06 PM Paul Thomas Anderson’s Inherent Vice Looks Like a Comic Masterpiece
Future Tense
Sept. 29 2014 11:56 PM Innovation Starvation, the Next Generation Humankind has lots of great ideas for the future. We need people to carry them out.
  Health & Science
Bad Astronomy
Sept. 29 2014 12:01 PM This Is Your MOM’s Mars
Sports Nut
Sept. 28 2014 8:30 PM NFL Players Die Young. Or Maybe They Live Long Lives. Why it’s so hard to pin down the effects of football on players’ lives.