Naukri.com, one of India’s largest job portals, recently patched a security vulnerability that exposed recruiter email addresses through its mobile applications. The bug, found by independent cybersecurity researcher Lohith Gowda, was tied to the API used by the platform’s Android and iOS apps.
The issue came to light when Gowda noticed that recruiter email IDs were visible to anyone whose profile was viewed via Naukri’s mobile interface. The flaw did not affect the desktop website.
Speaking with TechCrunch, Gowda warned that the leaked emails could be exploited for targeted phishing, spam attacks, and data scraping. “This kind of exposure makes it easier for bad actors to gather emails into breach databases or use them for scams,” he said.
TechCrunch verified Gowda’s findings before reporting the issue to Naukri, which promptly addressed the vulnerability. Naukri confirmed the fix on Friday, stating it had taken steps to improve system resilience.
Security Teams Act Swiftly to Seal the Breach
Alok Vij, the head of IT infrastructure at InfoEdge, the parent company of Naukri.com, said that all necessary security enhancements were rolled out. “Our teams have not detected any abnormal activity impacting user data integrity,” he said in a statement to TechCrunch.
Vij also mentioned that Naukri conducts regular audits and assessments to safeguard its platform. Some features of recruiter profiles are intentionally public to inform job seekers about who’s viewing their information, he added.
Founded in 1997, Naukri.com has played a vital role in connecting job seekers with recruiters across India. The platform also operates under the name Naukrigulf.com in the Middle East, expanding its reach beyond Indian borders.
This latest incident serves as a reminder of the risks associated with API vulnerabilities, especially on mobile platforms that process high volumes of user interactions. Even a minor lapse in security can expose sensitive information to attackers.
As phishing and scam tactics evolve, platforms like Naukri must remain vigilant. Email addresses of recruiters are particularly valuable as they can lead to fraudulent communications posing as legitimate job offers.
Gowda emphasized the need for responsible disclosure and quick action in such cases. He commended Naukri for fixing the bug quickly after being notified.
While no misuse of the data has been reported so far, users—especially recruiters—are encouraged to stay alert, use spam filters, and report suspicious activity. Naukri’s swift response demonstrates the importance of ethical hacking and proactive cybersecurity in the tech industry.