Skip to main content

Naukri - Job Search Apps mail ID exposed

Naukri, a leading Indian jobs website, has patched a vulnerability that revealed the email IDs of recruiters posting jobs on its site to hunt for and recruit candidates online.

The issue, discovered by security researcher Lohith Gowda, affected the API that Naukri used on its Android and iOS apps. The API exposed the email addresses of recruiters visiting profiles of potential candidates on Naukri’s platform. The issue did not appear to affect the company’s website.

The exposed recruiter email IDs can be used for targeted phishing attacks, and recruiters may receive excessive unsolicited emails and spam,” Gowda told TechCrunch.

He stated that open email IDs could be included in public breach databases or spam lists, and bulk scraping of email addresses can result in automated bot abuse or scams.

TechCrunch confirmed the exposure after Gowda made disclosures regarding the bug. The researcher confirmed to TechCrunch that the bug was remediated earlier this week, which Naukri seconded on Friday.

All identified enhancements are implemented, ensuring our systems remain updated and resilient,” Alok Vij, IT infrastructure head at Naukri’s parent company InfoEdge, told TechCrunch over email.

Certain aspects of our recruiter profiles are made public to facilitate users to know who can see their profile(s). We perform frequent audits and security reviews, Mr.Vij stated.



Popular posts from this blog

Cybersecurity Giant CrowdStrike Triggers Worldwide Computer to Blue Screen of Death

    Recently, a widespread issue has paralyzed computers globally, initially mistaken for a cyber attack. Speculations pointed fingers at Microsoft, as only Windows systems seemed affected. However, the real culprit was CrowdStrike, a major cybersecurity firm renowned for its endpoint protection services, akin to antivirus for corporate fleets of computers. The problem stemmed from an automatic update pushed by CrowdStrike, designed to enhance security through its endpoint sensors. Unfortunately, a critical bug slipped into the update, causing affected computers—running CrowdStrike's software—to crash irreparably. Since the sensors operate at a deep system level, the glitch caused entire systems to enter a continuous cycle of crashes, known ominously as the "blue screen of death." CrowdStrike quickly acknowledged the issue and provided a fix, albeit a cumbersome one. Affected PCs must be manually booted into safe mode to remove specific files, a process that needs to be r...
Read more

Grok 3: The AI Chatbot Breaking Boundaries with Bold, Uncensored Responses

  In the ever-evolving world of artificial intelligence, Grok 3 is quickly making waves both for its cutting-edge capabilities and its shocking, unfiltered personality. Developed by Elon Musk’s xAI, Grok 3 is an AI chatbot that has taken the internet by storm, especially among regular X (formerly Twitter) users in India. Known for its snarky responses, irreverent tone, and ability to learn from the unpredictable and sometimes profane language of users, Grok 3 is far from your average chatbot. Launched in February 2025, Grok 3 is a powerhouse of computational prowess, utilizing 12.8 trillion tokens to deliver responses that range from wildly intelligent to oddly rebellious. It’s trained with data from a variety of sources everything from legal filings to X posts giving it a diverse range of knowledge and a unique ability to engage in conversation that feels real, yet sometimes, unsettlingly raw. But it’s not just Grok 3’s wealth of knowledge that’s making headlines. The chatbot ...
Read more

AI tools on the dark web

  As AI continues to develop, its role in cybercrime on the dark web will only increase. The ability of cybercriminals to experiment with AI-powered tools is a new frontier in the ongoing war between hackers and cybersecurity experts. The Dark Web is quickly becoming a testing ground for new AI-powered attacks. The bad actors can customize their methods and expand their scope of their crimes. 1. FraudGPT – When AI is the worst spammer FraudGPT is a tool that sends fake emails. Create a fraudulent website And it spreads malware like a 24/7 scam operation. It's so clever it can trick you into handing over sensitive information to hackers—just like your grandma's bank details! If installed correctly, it does not require too much energy to operate. 2. Angler AI – A fishing tool that personalizes your attacks. Angler AI is a secret tool. That changes perspective depending on how you respond. It's like a telemarketer who knows everything about you and can even pretend to be y...
Read more