Naukri.comA popular Indian employment website has solved an error that exposed the email addresses of the recruiters using their platform to search and hire online talent.
The problem, discovered by security researcher Lohith Gowda, affected the API that Naukri used in its Android and iOS applications. The API presented the email addresses of recruiters visiting profiles of possible candidates on the Naukri platform. The problem did not seem to affect the company’s website.
“The email IDs of the exposed recruiter can be used for directed phishing attacks, and recruiters can receive emails and spam unplayed excessive,” Gowda told TechCrunch.
He added that the exposed email IDs could be added to the public violation databases or spam lists, and the scraping of the mass email address could lead to automated abuses or spills.
Techcrunch verified the exhibition after the researcher shared details about the error. The researcher confirmed to TechCrunch that the problem was solved earlier this week, which Naukri corroborated on Friday.
“All identified improvements are implemented, ensuring that our systems remain updated and resistant,” TECHCRUNK, head of IT infrastructure of the Naukri’s parent company, Techcrunch by email, told Techcrunk. “Our equipment has not detected any habitual activity that affects the integrity of user data.”
Founded in March 1997, Naukri.com is the classified recruitment website of India, which helps connect recruiters, employers and job seekers. In addition to India, the site exists in the Middle East as Naukrigulf.com.
“Certain characteristics of our recruiter profiles are designed to be public to allow users to know who has access to their profile (s). We carry out regular audits and security evaluations,” said VIJ.