
Naukri.com, one of India’s leading job portals, has patched a security flaw that inadvertently exposed the email addresses of recruiters using its mobile application.
The vulnerability, discovered by cybersecurity researcher Lohith Gowda, was linked to an API used in Naukri’s Android and iOS apps. This API revealed a recruiter’s email address whenever that recruiter viewed a candidate’s profile. The bug was limited to the mobile apps and did not affect users browsing Naukri’s official website.
Speaking on the potential risks, Gowda highlighted that the leaked recruiter email IDs could be misused for targeted phishing attacks or spam, or even harvested into public breach databases and exploited by bots and scammers.
After being alerted, the company acted swiftly to resolve the issue. Naukri confirmed the bug was fixed earlier this week. “We have implemented all necessary enhancements to ensure our systems remain secure and up-to-date,” said Alok Vij, Head of IT Infrastructure at Info Edge, Naukri’s parent company. He added that there has been no indication of any misuse or unusual activity involving user data.
Naukri.com, launched in 1997, has grown into India’s top online recruitment platform, connecting millions of job seekers with employers and recruiters. It also operates internationally under the brand Naukrigulf.com, catering to job markets in the Middle East.
While certain elements of recruiter profiles are made publicly visible to improve transparency and candidate engagement, the company assured users that regular security audits are in place to maintain data protection standards.
Source: TechCrunch