Naukri.com, a popular Indian job website, recently fixed a bug that exposed the email addresses of recruiters using the platform to find and hire talent online. The bug, spotted by security researcher Lohith Gowda, affected the API used by Naukri’s Android and iOS apps. That API revealed the email addresses of recruiters who were browsing potential candidates’ profiles on Naukri. The bug did not affect the company’s website.
Gowda expressed concern about the risks this exposure could pose. He said the exposed email IDs could be used for targeted phishing attempts and could lead to recruiters receiving unwanted spam emails. The addresses could also end up in public breach databases or spam lists, paving the way for automated bot abuse or scams. TechCrunch confirmed the issue after the researcher shared the bug details. The bug was fixed earlier this week, as Naukri confirmed on Friday.
Naukri.com, established in March 1997, is India’s leading classified recruitment website, connecting recruiters, employers, and job seekers. In addition to its presence in India, the platform also operates in the Middle East under the name Naukrigulf.com. Alok Vij, the IT infrastructure head at Naukri’s parent company InfoEdge, assured TechCrunch via email that all necessary enhancements have been implemented to ensure the system’s security. Vij mentioned that there have been no abnormal activities detected that could compromise user data integrity.
Now, I’m not really sure why this matters, but it seems like Naukri.com took some necessary steps to address the bug issue that exposed recruiters’ email addresses. The fact that this bug didn’t affect the website but only the mobile apps is kind of interesting. Maybe it’s just me, but it’s good to know that the problem was fixed after the researcher brought it to light. It’s essential to keep user data safe, especially in a platform like Naukri that deals with sensitive job-related information.
It’s worth noting that Naukri.com’s recruiter profiles have certain public features to let users know who has access to their profiles. This transparency is crucial for maintaining trust between the platform and its users. The company conducts regular security audits and assessments to ensure that data remains protected. With the bug now fixed and necessary security measures in place, Naukri.com can continue its operations smoothly, providing a reliable service for recruiters, employers, and job seekers alike.