Introduction Of Naukri
Naukri.com, one of India’s largest job search platforms, recently patched a security vulnerability that exposed the email addresses of recruiters using its mobile app.
Table of Contents
The issue, uncovered by security researcher Lohith Gowda, was tied to the API used by It’s Android and iOS apps. When recruiters viewed job seekers’ profiles, their email addresses were unintentionally revealed through the app’s backend. Interestingly, the bug didn’t impact users browsing through Naukri’s website — it was limited strictly to the mobile apps.
According to Gowda, the exposed email addresses could have been a goldmine for cybercriminals. “These email IDs could be targeted for phishing, spam, or even end up in breach databases,” he told TechCrunch. “There’s also a risk of bots scraping these emails for scams or unsolicited contact.”
TechCrunch independently verified the vulnerability based on the researcher’s findings. It confirmed it resolved the issue earlier this week.
“All the necessary updates have been implemented to keep our systems secure and resilient,” said Alok Vij, head of IT infrastructure at InfoEdge, Naukri’s parent company. “So far, we haven’t seen any unusual activity affecting user data.”
Founded in 1997, It has long been a go-to platform for connecting job seekers and recruiters across India and beyond. Its sister site, Naukrigulf.com, serves users in the Middle East.
In a statement, the company emphasized that certain aspects of recruiter profiles are meant to be publicly visible to improve transparency for job seekers. “We regularly perform security audits and assessments to protect our users,” Vij added.
Discover more from Digismartiens
Subscribe to get the latest posts sent to your email.
