Analysis

Naukri.com, a prominent Indian employment platform and a subsidiary of InfoEdge, recently rectified a security vulnerability within its mobile application API. This flaw, identified by security researcher Lohith Gowda, inadvertently exposed the email addresses of recruiters when they accessed candidate profiles via Naukri's Android and iOS applications, though the website remained unaffected. The exposure carried potential risks including targeted phishing campaigns, unsolicited emails, and the possibility of these email addresses being incorporated into public breach databases or spam lists, potentially leading to automated bot abuse. TechCrunch independently verified the vulnerability before its remediation. InfoEdge's IT infrastructure head, Alok Vij, confirmed the issue was resolved and stated that system enhancements have been implemented to bolster resilience, further noting that internal teams detected no unusual activity compromising user data integrity. Vij also contextualized that certain recruiter profile elements are intentionally public to facilitate user interaction and transparency regarding profile access, and affirmed the company's commitment to regular security audits. This incident, while resolved, underscores the persistent cybersecurity challenges faced by digital platforms handling sensitive user information, even as Naukri.com maintains its position as India's leading classified recruitment website with operations extending to the Middle East.