Naukri exposed recruiter email addresses, researcher says

Naukri.com, a popular Indian employment website, has fixed a bug that exposed the email addresses of recruiters using its platform to search and hire talent online. The issue, discovered by security researcher Lohith Gowda, affected the API that Naukri used on its Android and iOS apps. The API exposed the email addresses of recruiters visiting profiles of potential candidates on Naukri’s platform. The issue did not appear to affect the company’s website. “The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam,” Gowda told TechCrunch. He added that exposed email IDs could be added to public breach databases or spam lists, and mass email address scraping could lead to automated bot abuse or scams. TechCrunch verified the exposure after the researcher shared details about the bug. The researcher confirmed to TechCrunch that the issue was fixed earlier this week, which Naukri corroborated on Friday. “ ... Read full article.