
Unveiled again: Recruiter email addresses exposed on another prominent job search platform

API flaw led to data breach

API Malfunction Revealed Personal Data Breach

A significant issue involving one of India's leading job portals, Naukri.com, has been uncovered. A security vulnerability in the platform's API for mobile apps reportedly exposed the email addresses of recruiters while they were browsing candidate profiles.

As per reports, Lohith Gowda, a cybersecurity researcher, identified the flaw in the API for Android and iOS apps. This vulnerability potentially put the exposed recruiters at risk of targeted phishing attacks and excessive unsolicited emails and spam. Gowda further explained the potential consequences, mentioning that the email addresses could be added to spam lists, public breach databases, and even picked up by scraping bots. This, in turn, could lead to automation of scams.

Beyond the privacy concerns, this exposure could create dangerous situations for recruiters. Information intended to be kept confidential became open to exploitation. Threat actors could tailor phishing emails by referencing ongoing hiring campaigns, candidate resumes, or job platforms the recruiter uses. Moreover, the urgency built into such phishing emails could push victims into rash decisions they later regret.

In response to the discovery, Naukri.com moved swiftly to rectify the issue. According to Alok Vij, IT infrastructure head at InfoEdge, the parent company of Naukri.com, all enhancements necessary to plug the leak have been implemented, ensuring the platform's resilience. Vij confirmed to TechCrunch that their teams did not observe any unusual activity that impacted the integrity of user data following the fix.

Naukri.com stands as one of the most visited job sites in India, amassing more than 28 million unique monthly visits and claiming the top spot as India's number one job and employment website according to SimilarWeb data from April 2025. It is important to remain vigilant in the face of such incidents and be cautious of potentially harmful attempts to breach private information.

  1. The security vulnerability in Naukri.com's mobile app API has raised cybersecurity concerns, as the exposed email addresses of recruiters could lead to targeted phishing attacks, excessive spam, and potential automation of scams.
  2. The implications of this issue are significant: threat actors could tailor phishing emails by referencing ongoing hiring campaigns, candidate resumes, or job platforms, exploiting information intended to stay confidential and inducing rash decisions from victims.
