Bug Exposed Recruiter Email Addresses on Naukri.com

A bug was discovered in Naukri.com’s mobile apps, exposing the email addresses of recruiters using the platform. According to a report by TechCrunch, the vulnerability has since been fixed.

Cause of the Bug

Security researcher Lohith Gowda, who discovered the issue, stated that it was caused by a flaw in the API used by Naukri’s Android and iOS apps. The bug exposed recruiter email IDs when they viewed candidate profiles. The web version of Naukri.com was unaffected.

Potential Risks

Gowda warned that the exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam. He also cautioned that the data could end up in public breach databases or spam lists, making it susceptible to bot abuse or scams.

Response from Naukri

A senior IT infrastructure executive at Naukri stated that the issue was resolved earlier this week and added that the company had "detected no unusual activity that affects the integrity of user data".

Article Information

• Published On: May 26, 2025 at 09:18 AM IST

Join the Community

Join the community of 2M+ industry professionals by subscribing to our newsletter to get the latest insights and analysis in your inbox.

Stay Updated on the Go

Get all the latest news and updates about the ETCISO industry on your smartphone.