Naukri Data Breach: Recruiter Emails Exposed - Report

Naukri Addresses Email Exposure Bug
Naukri, a widely used job platform in India, has resolved a security vulnerability. This flaw inadvertently revealed the email addresses of recruiters to others utilizing the site for talent acquisition.
The problem was identified by security researcher Lohith Gowda and centered around an API used by Naukri’s mobile applications for both Android and iOS. This API allowed access to the email addresses of recruiters when they viewed candidate profiles.
Details of the Vulnerability
Notably, the company’s primary website was not impacted by this issue. The exposure was limited to the mobile app functionality.
According to Gowda, the exposed email addresses could be exploited for malicious purposes. Specifically, they could be used in focused phishing campaigns.
He further explained to TechCrunch that the compromised email IDs could also be incorporated into publicly available databases of data breaches or added to spam distribution lists.
Mass collection of these email addresses could facilitate automated bot activity and various types of scams.
Verification and Resolution
TechCrunch independently confirmed the existence of the vulnerability after receiving details from Gowda.
Gowda subsequently verified to TechCrunch that the issue had been successfully addressed earlier in the week, a confirmation that Naukri also provided on Friday.
“All necessary improvements have been implemented, guaranteeing that our systems are current and secure,” stated Alok Vij, head of IT infrastructure at InfoEdge, Naukri’s parent company, in an email to TechCrunch.
Vij added that their security teams have not observed any unusual activity suggesting a compromise of user data.
About Naukri
Established in March 1997, Naukri.com is the leading online recruitment platform in India. It facilitates connections between recruiters, employers, and job seekers.
The platform also operates in the Middle East under the name Naukrigulf.com.
“Certain aspects of our recruiter profiles are intentionally public to allow users to identify who has accessed their information,” Vij explained. “We consistently perform audits and security evaluations to maintain a robust security posture.”
Regular security assessments are conducted to ensure the ongoing protection of user data.
