Courserians, we are writing about a topic we take very seriously – user privacy. As some of you may have seen, Stanford instructor and security expert Jonathan Mayer, who teaches a course on Coursera, recently uncovered some security vulnerabilities in the Coursera website.
Before we go into any details, let us emphasize the most important points:
Partner Trust and Learner Security
The Coursera platform is built with our trusted partners in mind – instructors, administrators, and institutions who work closely with us to deliver online courses to learners around the world. Our approach has enabled everyone to work efficiently, experiment with innovative ways to teach, and create the best educational experience for Coursera learners.
In developing Coursera, we have also worked diligently to protect learner data from external attackers on the internet. We have enlisted third-party security consultants to help us evaluate and improve the security of our systems against external attackers. However, given our partnership philosophy, we have focused less effort on deflecting malicious attacks that might be made by one of our trusted partners. This has left open some gaps, such as the one recently uncovered by Dr. Mayer. As we continuously improve our platform, we are actively developing systems to provide a better balance between enabling our partners to innovate freely, but also securely.
We deeply apologize to our learners for any potential risk to their privacy. In our investigation, we have found no reason to believe that our learners’ personal information has been abused. Our team responded immediately to Dr. Mayer’s report, and has now closed off the vulnerabilities that were uncovered. We continue to monitor and improve our platform to provide the best and safest experience to all learners.
Thank you, to all learners and to our valued partners, for the continued support and confidence in Coursera. We look forward to continuing to offer high quality education, free to everyone.
Brennan Saeta
Information Security Officer, Coursera Infrastructure Team