Naukri.com, one of India’s leading job search platforms, has addressed a security vulnerability that exposed recruiters’ email addresses to potential misuse. This issue was discovered by security researcher Lohith Gowda, who identified a flaw in the API used by Naukri’s Android and iOS apps. Fortunately, the problem did not impact the company’s main website.
The vulnerability involved the API revealing email addresses of recruiters when they visited candidate profiles on the app. This exposed information could be exploited for targeted phishing attacks, spam, or added to public breach databases, increasing the risk of scam campaigns and automated bot abuse. Gowda warned that such exposure might lead to unwanted emails and potential scams targeting recruiters.
After verifying the issue, TechCrunch confirmed that Naukri swiftly fixed the bug earlier this week. Naukri’s parent company, InfoEdge, reassured users that all necessary security enhancements have been implemented, and no unusual activity affecting user data has been detected.
Founded in 1997, Naukri.com remains India’s premier platform for connecting job seekers with recruiters and employers. The site also operates in the Middle East under Naukrigulf.com. Company officials emphasized that certain features of recruiter profiles are intentionally public to facilitate transparency, and they conduct regular security audits to protect user data.
Stay informed about the latest in cybersecurity and online safety by ensuring your favorite job portals maintain robust security measures.
