Naukri.com, India’s leading job platform, addressed a security flaw that exposed the email addresses of recruiters using its mobile app. The vulnerability was discovered in the API used by Naukri’s Android and iOS apps, which revealed recruiters’ email addresses when those recruiters viewed candidate profiles.
The issue did not impact the website and was limited to mobile applications.
Security researcher Lohith Gowda identified the bug and warned that exposed recruiter emails could be targeted for phishing attacks and added to spam or breach databases. This exposure could also lead to large-scale scraping and abuse by automated bots. TechCrunch verified the findings and reported that the issue was resolved earlier in the week.
Naukri confirmed that the problem was fixed and emphasized that no abnormal activity had been detected in its systems.
Alok Vij, head of IT infrastructure at Naukri’s parent company InfoEdge, assured users that the company implemented necessary updates to ensure continued data protection and system resilience.
Founded in 1997, Naukri.com is a top job site in India and also operates in the Middle East through Naukrigulf.com. The company stated that some recruiter profile features are designed to be public, but regular audits are conducted to maintain security. This incident highlights the importance of proactive monitoring and quick response in protecting user privacy.