Naukri.com Fixes Bug Exposing Recruiter Email Addresses
Recently, Naukri.com, a well-known Indian employment website, addressed a critical bug that inadvertently exposed the email addresses of recruiters utilizing its platform to search for and recruit talent online. The security flaw was brought to light by researcher Lohith Gowda, who discovered that the API being used on Naukri’s Android and iOS apps was the source of the issue. This API inadvertently revealed the email addresses of recruiters when they visited the profiles of potential candidates on the platform. Fortunately, the bug did not impact Naukri’s website itself.
Gowda expressed concerns about the potential risks associated with the exposed recruiter email IDs, noting that they could be exploited for targeted phishing attacks or result in an influx of unsolicited emails and spam. Furthermore, there was a possibility that these email addresses could be added to public breach databases or spam lists, potentially leading to automated bot abuse or scams.
After receiving details about the bug from the researcher, JS verified the exposure. Subsequently, Naukri promptly addressed the issue earlier this week, as confirmed by both Gowda and the company itself.
Alok Vij, the IT infrastructure head at Naukri’s parent company InfoEdge, assured that all necessary enhancements had been implemented to safeguard user data. He emphasized the importance of keeping their systems updated and resilient to prevent any unauthorized access or data breaches.
Established in March 1997, Naukri.com has become a prominent classified recruitment platform in India, facilitating connections between recruiters, employers, and job seekers. Additionally, Naukri operates in the Middle East under the name Naukrigulf.com.
Vij highlighted that certain details of recruiter profiles are intentionally made public so that candidates have transparency about who has access to their profiles. Regular audits and security assessments are conducted to ensure the ongoing integrity and privacy of user data.