Naukri.com, a popular Indian employment website, has fixed a bug that exposed the email addresses of recruiters using its platform to find and hire talent online.
The issue, discovered by security researcher Lohith Gowda, affected the API that Naukri uses for its Android and iOS apps. The API exposed the email addresses of recruiters viewing the profiles of potential candidates on the Naukri platform. The issue did not appear to affect the company's website.
“The exposed recruiter email ID can be used for targeted phishing attacks, and recruiters can receive highly unwanted emails and spam,” Gowda told TechCrunch.
He said that the exposed email IDs could be added to public breach databases or spam lists, and that mass scraping of email addresses could lead to automated bot abuse or scams.
TechCrunch verified the exposure after details of the bug were shared with it. The researcher told TechCrunch that the issue was fixed earlier this week, which Naukri confirmed on Friday.
“All identified promotions are applied, ensuring that our systems remain updated and flexible,” Alok Vij, head of IT infrastructure at Naukri's parent company Info Edge, told TechCrunch by email. “Our teams have not detected any general activity that affects the integrity of user data.”
Established in March 1997, Naukri.com is India's top classified recruitment website, which helps connect recruiters, employers and job seekers. Apart from India, the site is present in the Middle East as Naukrigulf.com.
“Some characteristics of our recruiter profile are designed to be public to let users know that they have access to the profile. We conduct regular audits and security assessments.”