Jonathan Mayer, a computer scientist and lawyer, is teaching Stanford Law’s first Coursera class beginning in October. While setting everything up, he’s been “extensively poking around the platform,” and in the process he found a bunch of vulnerabilities, which he outlined them in a blog post. Now Coursera is patching them.
Mayer pointed out that any registered Coursera instructor could use the site’s autocomplete feature to access the platform’s whole user database, which includes information like names and email addresses for 9 million accounts. He also noticed that once users were logged into Coursera, third-party services could potentially access their course registration histories.
In a statement posted early Friday morning, Coursera said that it has patched the vulnerabilities:
We deeply apologize to our learners for any potential risk to their privacy. In our investigation, we have found no reason to believe that our learners’ personal information has been abused. Our team responded immediately to Dr. Mayer’s report, and has now closed off the vulnerabilities that were uncovered. We continue to monitor and improve our platform to provide the best and safest experience to all learners.
It’s heartening that Coursera reacted so quickly to fix the security flaws, but it is a little strange that in its statement Coursera admits to “focus[ing] less effort on deflecting malicious attacks that might be made by one of our trusted partners.” It makes sense to assume that a partner in good standing won’t itself initiate an attack, but leaving data exposed that should be private is problematic no matter what. A malicious hacker can exploit a “trusted partner” just as easily as an untrusted one if a vulnerability exists.
TODAY IN SLATE
Scalia’s Liberal Streak
The conservative justice’s most brilliant—and surprisingly progressive—moments on the bench.
Colorado Is Ground Zero for the Fight Over Female Voters
There’s a Way to Keep Ex-Cons Out of Prison That Pays for Itself. Why Don’t More States Use It?
The NFL Explains How It Sees “the Role of the Female”
The Music Industry Is Ignoring Some of the Best Black Women Singing R&B
Theo’s Joint and Vanessa’s Whiskey
No sitcom did the “Very Special Episode” as well as The Cosby Show.
The Other Huxtable Effect
Thirty years ago, The Cosby Show gave us one of TV’s great feminists.