1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Another top employment website found exposing recruiter email add

    From TechnologyDaily@1337:1/100 to All on Tuesday, May 27, 2025 10:45:09
    Another top employment website found exposing recruiter email addresses

    Date:
    Tue, 27 May 2025 09:39:27 +0000

    Description:
    A bug in the API caused the leak, but was since then plugged.

    FULL STORY ======================================================================A major Indian job site was leaking recruiter emails The problem stemmed from a bug
    in the Naukri API The hole was quickly plugged, but users should be aware of scams

    One of the most popular and widely used job portals in India has reportedly been found leaking recruiter email addresses.

    A security researcher named Lohith Gowda recently discovered a vulnerability in Naukris API for Android and iOS apps, which exposed the recruiters email addresses when they were viewing profiles of potential candidates.

    Speaking to TechCrunch , Gowda explained what the dangers of this vulnerability were: The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam."

    Save up to 68% for TechRadar readers

    TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.

    Preferred partner ( What does this mean? ) View Deal 2FA codes and session tokens

    Gowda further stressed that the email IDs can be added to different spam
    lists and public breach databases, which are sometimes picked up by scraping bots. This, in turn, can lead to automated bot abuse and various scams.

    Relevancy and a sense of urgency are key to a successful phishing email.

    An attacker might reference an ongoing hiring campaign, a candidate's resume, or a job platform the recruiter uses, to make the email feel timely and legitimate.

    Urgency, on the other hand, is how threat actors force the victims into
    making rash decisions that they later regret.

    In this case, these could be claims of a top candidate being about to accept another offer or interview access links that are expiring.

    After discovering the flaw, Gowda reached out to Naukri, who then plugged the leak. All identified enhancements are implemented, ensuring our systems
    remain updated and resilient, Alok Vij, IT infrastructure head at Naukris parent company InfoEdge, confirmed to TechCrunch . Our teams have not
    detected any usual activity that affects the integrity of user data.

    Naukri.com is one of the most popular Indian job sites . According to SimilarWeb , it had more than 28 million unique monthly visits in April 2025, and ranks as the number one job and employment website in the country. You might also like Login and password details for Apple, Google and Meta
    accounts found in huge data breach of 184 million accounts Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/another-top-employment-website-found-ex posing-recruiter-email-addresses


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)