Naukri Bug Exposes Thousands Recruiter Email IDs India

Naukri.com, a leading Indian employment platform, fixed a bug in the API used by its Android and iOS apps that exposed the email addresses of recruiters viewing candidate profiles. The vulnerability did not affect the website version of Naukri.com but posed risks such as targeted phishing attacks, spam, and potential misuse of the exposed email addresses through public breach databases or automated bot abuse. Security researcher Lohith Gowda discovered and reported the issue, which the company promptly addressed, with no evidence of data misuse found. Naukri's parent company, InfoEdge, stated that all necessary improvements were implemented and no unusual activity compromising data integrity was detected. The company emphasized that some recruiter profile information is intentionally public to inform users and that regular security audits and assessments are conducted to maintain system resilience. This incident highlights the importance of ongoing security vigilance for platforms handling sensitive user and professional data.