Naukri bug exposed recruiter email IDs via mobile apps: Report

A bug in Naukri.com’s mobile apps exposed the email addresses of recruiters using the platform to hire talent, according to a report by TechCrunch. The vulnerability has since been fixed.

Security researcher Lohith Gowda, who discovered the issue, said it was caused by a flaw in the API used by Naukri’s Android and iOS apps. The bug exposed recruiter email IDs when they viewed candidate profiles. The web version of Naukri.com was unaffected.

“The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam,” Gowda told TechCrunch.

He also warned that the data could end up in public breach databases or spam lists, making it susceptible to bot abuse or scams.

A senior IT infrastructure executive at Naukri said the issue was resolved earlier this week and added that the company had “detected no unusual activity that affects the integrity of user data”.