Naukri.com, India’s largest recruitment website, recently exposed the largest job seekers database. This grave flaw allowed anyone to see the email address of any recruiter still utilizing the platform. Founded in March 1997, Naukri.com has revolutionized the job industry in India. It provides a vital connection between recruiters, employers, and job seekers across the country. The vulnerability, in these packages and beyond, was discovered by security researcher Lohith Gowda. He found it hiding in the API that powers Naukri.com’s Android and iOS mobile apps.
Yet the inherently broad wording of the issue posed a significant risk to well-meaning recruiters. Those exposed email addresses would be bait for phishing attacks on those administrators. Gowda emphasized the gravity of the situation, stating, “The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam.” These vulnerabilities have become a major threat to consumer confidence in online recruitment platforms. It’s critically important that companies address any security holes immediately.
Naukri.com — which operates in the Middle East as Naukrigulf.com — has promised users that the bug has been rectified. Alok Vij, the IT infrastructure head at Naukri’s parent company InfoEdge, confirmed that the necessary measures have been implemented to bolster security. “All identified enhancements are implemented, ensuring our systems remain updated and resilient,” Vij stated.
The platform has done an admirable job of being upfront about its security measures. “Certain features of our recruiter profiles are designed to be public to enable users to know who has access to their profile(s). We conduct regular audits and security assessments,” Vij added. These proclamations seem to indicate Naukri.com’s desire to protect user data and not have future breaches occur.
Even with this attack, Naukri.com is still one of the most ubiquitous employment sites in India, enabling 3 million monthly recruiter-employer connections and 10 million job seeker applications. The company’s stance on the breaches The company has said it is committed to performing regular security audits and assessments to continually develop its systems.
Leave a Reply