Naukri.com, India’s largest classified recruitment website, recently came on the radar for a major security lapse. This incident leaked the emails of thousands of recruiters who utilize the service. Founded in March 1997, Naukri.com serves as a vital link between recruiters, employers, and job seekers, facilitating their interactions online. Fellow security researcher Lohith Gowda found that this was a serious bug plaguing the site. Unfortunately, the new data raised alarms over how this exposed information could be used maliciously.
We connected the vulnerability to the application programming interface (API) employed by Naukri.com. This problem was not limited to its mobile applications on Android or Apple’s iOS platform. This vulnerability left IT systems open to exploitation, exposing sensitive information and the threat of targeted phishing attacks. Gowda highlighted the gravity of the situation, stating, “The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam.“
Naukri.com, based in India, serves the Middle East through Naukrigulf.com. This jurisdictional move deepens its power over the employment sector. After the bug was brought to their attention, Naukri.com wasted no time putting fixes into place to remediate the bug. Alok Vij, IT infrastructure head at Naukri’s parent company InfoEdge, reassured users of their commitment to security by stating, “All identified enhancements are implemented, ensuring our systems remain updated and resilient.”
The firm doubled down on its faith in the company’s cybersecurity practices by touting its use of forensic audits and security assessments. Vij added, “Certain features of our recruiter profiles are designed to be public to enable users to know who has access to their profile(s). We conduct regular audits and security assessments.” We hope this announcement highlights Naukri.com’s commitment to providing a safe and secure platform for our users.
Despite this one hiccup, Naukri.com is still the first stop for millions of Indian job seekers and recruiters. The website’s ability to connect various stakeholders in the employment sector continues to make it a trusted platform for many. As the digital landscape continues to change, Naukri.com is constantly focused on improving its security standards to keep user data safe.