
Naukri.com had a bug that exposed email addresses of recruiters
What's the story
Indian employment platform Naukri.com has patched a security flaw that inadvertently exposed the email addresses of its recruiters.
The issue was flagged by cybersecurity expert Lohith Gowda, who found it in the API used by the site's Android and iOS apps.
This bug didn't affect Naukri's website but posed potential risks to recruiter privacy and security.
Security concerns
Potential risks associated with the exposed email addresses
Gowda warned that the compromised recruiter email IDs could be used for phishing attacks, resulting in an influx of unsolicited emails and spam.
He also cautioned about the potential misuse of these exposed email IDs, which could be added to public breach databases or spam lists.
Mass scraping of these email addresses could also lead to automated bot abuse or scams.
Resolution
Firm acknowledges and fixes the issue
TechCrunch verified the exposure after Gowda shared details of the bug.
The researcher confirmed to the publication that Naukri.com had fixed the issue earlier this week, a claim that was later validated by the company.
Alok Vij, IT Infrastructure Head at InfoEdge (Naukri's parent company), said in an email to TechCrunch that "all identified enhancements are implemented, ensuring our systems remain updated and resilient."
Company profile
Naukri.com: A leading recruitment platform
Founded in March 1997, Naukri.com is India's premier recruitment platform, connecting recruiters with job seekers across sectors. The site also operates in the Middle East under the name Naukrigulf.com.
Vij emphasized that certain features of recruiter profiles are intentionally public to let users know who has access to their profiles, and assured that the company conducts regular audits and security assessments.