
Researchers say Naukri revealed recruiter emails
The issue was discovered by Lohith Gowda of the security research firm, and affected Naukri’s Android and iOS applications. The API exposed email addresses of recruiters who visited profiles of potential candidates in Naukri’s system. The issue did not appear to affect the company’s website.
“The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam,” Gowda told TechCrunch.
He added that exposed email IDs could be added to public breach databases or spam lists, and mass email address scraping could lead to automated bot abuse or scams.
TechCrunch verified the exposure after the researcher shared details about the bug. TechCrunch confirmed that the bug was fixed this week. Naukri also confirmed it on Friday. “Our teams have not detected any usual activity that affects the integrity of user data.”
Founded in March 1997, Naukri.com is India’s top classified recruitment website, helping connect recruiters, employers, and job seekers. Apart from India, the site exists in the Middle East as Naukrigulf.com.
“Certain features of our recruiter profiles are designed to be public to enable users to know who has access to their profile(s).” “We conduct regular audits, and we assess security,” Vij said.