Naukri App Flaw Leaks Recruiter Emails, Now Patched

A newly discovered Naukri bug exposed email addresses of recruiters using the popular Indian job portal’s mobile app, posing significant phishing risks.

The vulnerability, uncovered by cybersecurity researcher Lohith Gowda, impacted the API used by Naukri’s Android and iOS apps. The flaw revealed recruiters’ email IDs whenever those recruiters visited candidate profiles. Fortunately, the website version of Naukri remained unaffected.

Gowda explained that this type of data leak could open the door to targeted phishing attacks, placing recruiters at risk of spam, unsolicited contact, and being added to public breach databases or scraping tools. He warned that such exposures often lead to bot abuse and mass scams.

Bug Fixed Before Exploitation, Says Naukri

TechCrunch validated the issue after Gowda shared detailed findings. According to the researcher, Naukri acted quickly and patched the vulnerability earlier this week. The fix was later confirmed by Alok Vij, Head of IT Infrastructure at InfoEdge, Naukri’s parent company.

“All identified enhancements are implemented, ensuring our systems remain updated and resilient,” Vij said. He also confirmed that no suspicious activity had been found that would indicate the user data had been exploited.

Proactive Measures and Transparency from Naukri

Founded in 1997, Naukri.com is India’s largest job portal, serving both local and international markets, including through Naukrigulf.com in the Middle East. The platform facilitates connections between recruiters and job seekers across industries.

Vij noted that some recruiter profile features are designed to be publicly visible so candidates can see who has viewed their profiles. He emphasized that Naukri conducts regular security audits and remains committed to protecting its users.

While the Naukri bug did not result in any known breaches, the incident highlights the importance of ongoing cybersecurity vigilance in recruitment tech platforms. Users are advised to stay cautious and report any suspicious emails related to recruiter activity.
