A vulnerability in Naukri.com’s mobile applications has been discovered, exposing the email addresses of recruiters who use the platform to find talent, as reported by TechCrunch. The issue has since been resolved.

According to security researcher Lohith Gowda, who found the vulnerability, it was caused by a flaw in the API used by Naukri’s Android and iOS applications. The bug revealed recruiter email IDs when they viewed candidate profiles, although the web version of Naukri.com was not affected.

Gowda warned that the exposed recruiter email IDs could be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam.

He also cautioned that the data could end up in public breach databases or spam lists, making it susceptible to bot abuse or scams.

A senior IT infrastructure executive at Naukri stated that the issue was fixed earlier this week and added that the company had “detected no unusual activity that affects the integrity of user data”.

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get the latest insights and analysis.

Download the ETCISO App

• Get real-time updates
• Save your favorite articles

Scan to download the App