Naukri.com Addresses Security Concerns After Bug Exposes Recruiters’ Email Addresses
Naukri.com, a well-known Indian job search website, recently took action to fix a bug that inadvertently revealed the email addresses of recruiters using its platform to scout for talent online.
The security flaw was brought to light by researcher Lohith Gowda, who uncovered a vulnerability in the API used by Naukri’s Android and iOS applications. The API exposed the email addresses of recruiters who were viewing profiles of potential candidates on the platform. Fortunately, this issue did not impact the website itself.
Gowda expressed concerns about the potential risks associated with the exposed email addresses, stating that they could be exploited for targeted phishing attacks or result in an influx of unsolicited emails and spam for recruiters. Additionally, there was a risk of the email addresses being added to public breach databases or spam lists, potentially leading to automated bot abuse or scams.
Upon receiving details about the bug from the researcher, JS verified the exposure. Naukri then acted promptly to rectify the issue, and both Gowda and the company confirmed that the fix was implemented earlier in the week.
Alok Vij, the IT infrastructure head at InfoEdge, Naukri’s parent company, said that necessary enhancements had been made to bolster the platform’s security measures. He emphasized that no unusual activity that could compromise user data integrity had been detected.
Established in March 1997, Naukri.com is a prominent classified recruitment website in India, facilitating connections between recruiters, employers, and job seekers. The platform also operates in the Middle East under the name Naukrigulf.com.
Vij highlighted that certain features of recruiter profiles are intentionally made public to provide transparency to users regarding who has access to their information. He underscored the company’s commitment to conducting regular audits and security assessments to uphold data protection standards.
Overall, Naukri.com’s response to the security incident underscores the importance of proactive measures in safeguarding user information and maintaining a secure online environment for all stakeholders involved.