
Naukri Fixes Recruiter Email Exposure Bug on Mobile Apps

Naukri.com resolved a security flaw in its Android and iOS app APIs that exposed recruiter email addresses when viewing candidate profiles. Discovered by researcher Lohith Gowda, the vulnerability risked targeted phishing and spam attacks. The issue did not affect the website and has been fixed with no detected misuse so far.

Published May 24, 2025 at 12:08 AM EDT in Cybersecurity

Naukri.com, a leading Indian employment platform, recently addressed a critical security vulnerability affecting its mobile applications. The flaw, identified by security researcher Lohith Gowda, exposed the email addresses of recruiters using Naukri’s Android and iOS apps to browse candidate profiles. This exposure occurred through an API integral to the apps’ functionality.

Unlike the mobile apps, Naukri’s website was not affected by this issue, which limited the scope of the vulnerability. However, the exposed recruiter email addresses posed significant risks, including targeted phishing attacks, spam, and potential inclusion in public breach databases. Automated scraping of these emails could also facilitate bot abuse and scams.

TechCrunch independently verified the exposure after receiving details from the researcher. Naukri confirmed that the vulnerability was fixed promptly, with enhancements implemented to strengthen system resilience. According to Alok Vij, IT infrastructure head at InfoEdge, Naukri’s parent company, no unusual activity affecting user data integrity has been detected since the fix.

Naukri.com, established in 1997, is India’s top classified recruitment website, connecting millions of recruiters and job seekers. It also operates in the Middle East through Naukrigulf.com. The platform’s recruiter profiles include public features designed to inform users about who accesses their profiles, with regular security audits conducted to maintain platform safety.

Why This Matters

This incident highlights the critical importance of securing APIs, especially those powering mobile applications that handle sensitive user data. Even well-established platforms like Naukri can face vulnerabilities that expose users to phishing and spam risks. Regular security assessments and prompt patching are essential to maintaining trust and protecting data integrity.

For recruiters and job seekers alike, this serves as a reminder to stay vigilant about the security of personal information shared online. Platforms must balance transparency with privacy, ensuring that public features do not inadvertently expose users to cyber threats.
