Privacy Vulnerabilities In Coursera, Including Exposed Student Email Addresses

An anonymous reader writes Coursera, the online education platform with over 9 million students, appears to have some serious privacy shortcomings. According to one of Stanford's instructors, 'any teacher can dump the entire user database, including over nine million names and email addresses.' Also, 'if you are logged into your Coursera account, any website that you visit can list your course enrollments.' The attack even has a working proof of concept [note: requires Coursera account]. A week after the problems were reported, Coursera still hasn't fixed them.

My personal data was leaked by Coursera

[aBaldrich]

Back on Jul 17 an email arrived to my gmail inbox. Subject: "Earn an LL.M. in the United States in Less Than A Year". Sent by UF Levin College of Law, they spammed me and lots of courserans about a program "designed exclusively for graduates of law schools outside of the United States and from the U.S. Commonwealth of Puerto Rico who want to enhance their understanding of the laws and legal language and culture of the United States of America."
The distribution list did not ask for permission or confirmation. The design errors didn't stay there: anyone could reply to the list and have the messages forwarded. In less then two hours, 47 angry students from around the world complained and asked each other to send an email to Coursera. Which I did. I only got an automated reply, and never heard back from them.

from: Jesse *, Jr.
reply-to: "Jesse *, Jr."
to:COURSERALAW-L@lists.ufl.edu
date: 17 July 2014 15:20