Naukri.com Addresses Security Flaw Exposing Recruiter Email Addresses

Vulnerability Discovered in Mobile Application API

Naukri.com, a leading employment platform in India, has resolved a significant security vulnerability that compromised the email addresses of recruiters utilizing its mobile applications. The issue, identified by security researcher Lohith Gowda, stemmed from the application programming interface (API) used in Naukri’s Android and iOS apps. This flaw allowed recruiters to inadvertently expose their email addresses while interacting with candidate profiles on the platform. Notably, Naukri’s main website was not affected by this security breach.

Risks Associated with Exposed Email Addresses

Gowda emphasized the potential risks posed by the exposed email IDs, which can facilitate targeted phishing attacks and lead to an influx of unsolicited emails and spam for recruiters. He expressed concerns that these compromised addresses could end up in public breach databases or spam lists, increasing the risk of automated bot disturbances and scams.

Following the discovery, TechCrunch verified the flaw after Gowda provided detailed information. The researcher confirmed that the vulnerability was rectified earlier this week, a statement later corroborated by Naukri on Friday.

Commitment to Security and User Data Integrity

In a communication with TechCrunch, Alok Vij, head of IT infrastructure at Naukri’s parent company InfoEdge, assured users that all necessary enhancements have been implemented to fortify their systems. "Our teams have not detected any unusual activity affecting the integrity of user data," Vij stated via email.

Founded in March 1997, Naukri.com stands as India’s premier classified recruitment website, acting as a connector for recruiters, employers, and job seekers alike. The platform also extends its services to the Middle East under the name Naukrigulf.com.

Vij further explained, "Certain features of our recruiter profiles are intentionally public to allow users to see who has access to their profiles. We conduct regular audits and security assessments to maintain platform integrity."

Conclusion

Naukri.com’s proactive response to the identified security issue reflects its commitment to user safety and data protection. As the platform continues to evolve, it remains a vital resource for job seekers and recruiters, facilitating career opportunities across India and beyond.