Naukri.com, a leading employment portal in India, has resolved a security flaw that inadvertently exposed recruiters’ email addresses. The vulnerability, identified recently by security researcher Lohith Gowda, impacted the mobile apps’ API for both Android and iOS, allowing access to recruiters’ email addresses when they viewed candidate profiles. Notably, the company’s main website was unaffected.
Gowda explained the potential risks, highlighting that these exposed email addresses could facilitate targeted phishing attempts, subject recruiters to spam emails, and possibly result in the information being harvested for public breach databases and automated abuse schemes.
After reviewing the issue, Naukri confirmed to TechCrunch that the problem had been rectified earlier in the week. Alok Vij, head of IT infrastructure at InfoEdge, Naukri’s parent company, reassured that all necessary measures have been implemented to strengthen and update their security systems. He also added that there had been no evidence found of unauthorized activities affecting data integrity.
Founded in 1997, Naukri.com remains India’s premier recruitment website, connecting employers, recruiters, and job seekers. The company also operates Naukrigulf.com for the Middle Eastern job market.
Vij highlighted that certain recruiter profile features are intentionally public, designed to allow users transparency regarding who accesses their profiles. He additionally stated that Naukri conducts regular security assessments and audits to maintain data protection and privacy.
