Naukri.com Patches Security Flaw Exposing Recruiter Emails

Naukri.com, a leading Indian job portal, recently addressed a security vulnerability that exposed the email addresses of recruiters using its mobile applications.

Security researcher Lohith Gowda discovered the flaw in the API used by Naukri's Android and iOS apps. The API inadvertently revealed the email addresses of recruiters when those recruiters viewed candidate profiles. The vulnerability did not affect the Naukri.com website.

Potential Risks of the Exposed Emails

Gowda explained to TechCrunch that the exposed emails could have been targeted for phishing attacks or spam campaigns. He also noted the risk of the emails being added to breach databases or spam lists, potentially leading to further abuse.

TechCrunch verified the vulnerability after Gowda disclosed the details. The issue has since been resolved, as both Gowda and Naukri.com confirmed earlier this week.

“All identified enhancements are implemented, ensuring our systems remain updated and resilient,” stated Alok Vij, IT infrastructure head at InfoEdge, Naukri.com's parent company, in an email to TechCrunch. “Our teams have not detected any unusual activity that affects the integrity of user data.”

Naukri.com's Response and Security Measures

Naukri.com, founded in 1997, is a prominent online recruitment platform in India and the Middle East. The company emphasizes its commitment to security and regular audits.

Vij added, “Certain features of our recruiter profiles are designed to be public to enable users to know who has access to their profile(s). We conduct regular audits and security assessments.”

The swift action taken by Naukri.com to address this vulnerability underscores the importance of ongoing security vigilance in the online recruitment space.