Naukri.com’s Big Mistake: Researcher Explains How Recruiters’ Email Addresses Became Public

By: Zayden

On: Saturday, May 24, 2025 11:21 AM

1. Critical Bug in Naukri.com App Exposed Recruiter Emails

A serious flaw in Naukri.com’s mobile apps was discovered that made recruiter email addresses publicly accessible. This issue was tied to the API used by the Android and iOS apps, not the website. Security researcher Lohith Gowda reported the bug, revealing that email IDs of recruiters visiting candidate profiles were visible — posing a huge privacy concern.

2. Researcher Lohith Gowda Uncovered the Security Flaw

The vulnerability was identified by security researcher Lohith Gowda, who shared his findings with TechCrunch. His analysis showed that any user with basic technical knowledge could access recruiter email addresses through the app. This disclosure played a crucial role in prompting Naukri.com to act swiftly and patch the problem.

3. API Flaw Affected Mobile Users, Not Website

The issue was confined to the mobile platforms — specifically the Android and iOS apps. Naukri.com’s desktop website remained unaffected by this bug. The API flaw allowed app users or automated scripts to extract recruiter data, putting many hiring professionals at risk of spam and scams.

4. Why Exposing Recruiter Email Addresses Is Dangerous

The exposure of recruiter email addresses could lead to phishing attacks, spam, and malicious activity. With access to a real recruiter’s email, scammers could impersonate them to send fake job offers or malicious links. The exposure also risked these addresses being added to dark web databases and spam lists.

5. Potential Risks Include Phishing and Identity Theft

Gowda explained that exposed emails could be used in phishing scams or identity theft. Automated bots could scrape and misuse these email IDs for sending mass spam, fake offers, or even malware-laced job applications. For companies, this posed a direct threat to brand reputation and recruiter trust.

6. Company Responded Quickly and Fixed the Issue

After verification from TechCrunch, Naukri.com acknowledged the issue and fixed it within days. Info Edge, the parent company, confirmed that all necessary updates were implemented. They assured users that no unusual or harmful activity affecting data security had been detected post-fix.

7. Statement from Naukri.com on Data Security

Alok Vij, Head of IT Infrastructure at Info Edge, stated that the company regularly audits its systems for vulnerabilities. He confirmed that enhancements were made to secure the API and prevent further data leaks. The proactive response helped contain the damage and reassure users.

8. What is Naukri.com and Why the Impact Matters

Founded in 1997, Naukri.com is India’s largest job and recruitment portal. It connects millions of job seekers with thousands of recruiters daily. With such high usage, a vulnerability that exposes recruiter email addresses can have large-scale consequences, especially if misused by scammers.

9. Steps Recruiters Should Take to Stay Safe

Recruiters should be vigilant with emails and avoid clicking suspicious links or attachments. They must ensure their email IDs are not misused and report any phishing attempt. It’s wise to use official business domains and enable spam filters for added security after this incident, in which Naukri.com recruiter email addresses were exposed.

10. Caution for Candidates Using Naukri.com

Job seekers should never trust job offers coming from unknown or free email domains. Always verify recruiter identities through official channels. If you happen to see a recruiter’s email inadvertently, don’t misuse it — respect privacy and help keep platforms like Naukri.com secure for everyone.
