Naukri Data Breach: Researcher Uncovers Exposed Recruiter Email Addresses

Naukri Data Breach: Researcher Uncovers Exposed Recruiter Email Addresses

Naukri.com, a leading employment platform in India, recently addressed a significant security vulnerability that exposed the email addresses of recruiters searching for talent. This issue raised concerns about potential phishing attacks and spam targeting the recruiters using this well-known job portal.

Security Flaw Discovered by Researcher

The bug was identified by security researcher Lohith Gowda, who reported that the vulnerability was linked to the API used by Naukri’s Android and iOS applications. This flaw allowed the email addresses of recruiters to be visible when they viewed profiles of potential candidates.

Impact of the Security Breach

This security breach did not affect the Naukri website, but it raised alarm among the recruitment community. According to Gowda:

  • The exposed email addresses could be exploited for targeted phishing attacks.
  • Recruiters may face an influx of unsolicited emails and spam.
  • There is a risk of these emails being added to public breach databases, leading to further spam and scams.

Confirmation of Fix and Security Measures

TechCrunch confirmed the exposure after reviewing the details shared by Gowda. The researcher noted that Naukri promptly fixed the issue earlier this week, a statement supported by the company on Friday.

Statement from Naukri

Alok Vij, the IT infrastructure head at Naukri’s parent company InfoEdge, reassured users via email:

“All identified enhancements are implemented, ensuring our systems remain updated and resilient. Our teams have not detected any unusual activity that affects the integrity of user data.”

Naukri.com: A Brief Overview

Founded in March 1997, Naukri.com is recognized as India’s premier recruitment platform, facilitating connections between recruiters, employers, and job seekers. The platform also extends its services to the Middle East through Naukrigulf.com.

READ ALSO  Endor Labs Secures $93M to Revolutionize AI Code Vulnerability Scanning Tools

Commitment to Security

Vij emphasized that certain features of recruiter profiles are intentionally public to allow users to see who has access to their profiles. He added:

“We conduct regular audits and security assessments to safeguard our users.”

For more information on job hunting and recruitment trends, visit our article on Job Hunting Tips.

Similar Posts

US Army Soldier Admits Guilt in Major AT&T and Verizon Cyber Hacking Scandal

US Army Soldier Admits Guilt in Major AT&T and Verizon Cyber Hacking Scandal

Bysupport

Cameron John Wagenius, a former U.S. Army soldier, has pleaded guilty to hacking into AT&T and Verizon, unlawfully accessing confidential phone records. He faces up to ten years in prison and a $250,000 fine for each of the two counts. His case is linked to other alleged hackers involved in significant data breaches, including those affecting the cloud services company Snowflake. U.S. attorney Tessa Gorman noted that the breaches at AT&T and Verizon resulted from the same intrusion efforts. The attacks compromised sensitive information from over 160 companies, highlighting the urgent need for enhanced cybersecurity measures.

Global Police Crackdown: Major Operation Takes Down 8Base Ransomware Gang's Leak Site

Global Police Crackdown: Major Operation Takes Down 8Base Ransomware Gang’s Leak Site

Bysupport

The takedown of the 8base ransomware gang has significantly impacted the cybercrime landscape, led by the Bavarian State Criminal Police with support from international law enforcement agencies, including those from Europe, Japan, the U.S., and U.K. Established in 2022 and linked to RansomHouse, 8base employed double-extortion tactics, targeting various sectors such as healthcare and education. Their notable attacks included a breach of the United Nations Development Programme. The operation underscores the effectiveness of global cooperation in combating ransomware, as authorities continue to intensify their efforts against cybercriminal activities.

Revolutionizing Cybersecurity Training: Anagram's Engaging Gamified Approach for Employees

Revolutionizing Cybersecurity Training: Anagram’s Engaging Gamified Approach for Employees

Bysupport

Despite mandatory cybersecurity training, human errors continue to drive breaches, exacerbated by evolving generative AI and social engineering tactics. Anagram, a New York-based company, has developed an engaging cybersecurity training platform featuring bite-sized videos and personalized puzzles to help employees identify suspicious communications. Co-founder Harley Sugarman noted their innovative approach draws inspiration from platforms like TikTok and Duolingo. After pivoting from a focus on cybersecurity professionals to non-security employees, Anagram has seen significant growth, attracting clients like Disney. Recently securing $10 million in funding, the company plans to enhance its product and develop an AI agent to flag potential threats in email systems.

Mozilla Addresses Backlash: Assures Users Their Data Won't Fuel AI Development

Mozilla Fixes Critical Firefox Vulnerability Exploited in the Wild, Echoing Chrome’s Recent Security Threat

Bysupport

Mozilla has released a critical update for Firefox (version 136.0.4) to address a significant security vulnerability (CVE-2025-2857) that cybercriminals were actively exploiting. This flaw allows attackers to escape Firefox’s sandbox, potentially leading to unauthorized access to sensitive data. The issue also affects other browsers, including the Tor Browser, which has been updated as well. Kaspersky researcher Boris Larin confirmed that this vulnerability shares similarities with a recent bug in Google Chrome. Users are urged to keep their browsers updated to safeguard against evolving cyber threats and maintain online security.

Apple Alerts Global Users of Recent Spyware Attacks: Protect Yourself Now!

Apple Alerts Global Users of Recent Spyware Attacks: Protect Yourself Now!

Bysupport

Apple has notified users in 100 countries about potential government-backed spyware attacks, raising global concerns over digital privacy and security. Notable recipients include Italian journalist Ciro Pellegrino and Dutch activist Eva Vlaardingerbroek, both of whom shared their alarming notifications. These alerts emphasize the seriousness of spyware threats, often linked to commercial surveillance software used by governments. Apple encourages users to take these warnings seriously, secure their devices, and contact cybersecurity experts if necessary. This initiative reflects a broader effort by tech companies like Google and WhatsApp to combat cyber threats and protect user privacy in an increasingly surveilled digital landscape.

Leave a Reply

Your email address will not be published. Required fields are marked *