Naukri.comA famous Indian Special Website, a bug that reveals the email addresses of recruiters using the platform to search online.
The issue, learned in the Security Researcher Gowda, affects the API used by Naukri in Android and iOS apps. The API exposes recruiters’ email addresses visiting profiles of potential candidates on Naukri platform. The issue does not appear to affect the company’s website.
“The exposed recruiting emails available for target phishing attacks, and recruiters can receive excess non-compliant emails and spams,” Gowcrunch said.
He added that exposed email ids can be added to public breach databases or spam listings, and mass scraping on the masses can lead to automatic bot abuse or scam.
TechCrusch verifies exposure after researchers shared with details about the bug. The researcher confirmed the techcrunch that the issue was arranged earlier this week, Naukri promotes Friday.
“All known developments are implemented, ensure that our systems remain updated and renowned,” the offer VIJ, this cause to infrastructure company in the email. “Our teams are not found in any usual activity affecting user’s integrity.”
Built in March 1997, Nuukri.com is the most classified Indian recruitment website, helped connect recruiters, job owners. Outside India, the site exists in the Middle East as Naisalf.com.
“Some parts of our recruiter profiles are designed to inform users to know who has the profile (s) and audit evaluations,” VIJ said.
