Naukri.com, a famous Indian employment internet site, has fixed a malicious program that uncovered the Email addresses of recruiters using its platform to go looking and rent talent online.
The problem, located via security researcher Lohith Gowda, affected the API that Naukri used on its Android and iOS apps. The API uncovered the E-mail addresses of recruiters journeying profiles of capacity applicants on Naukri’s platform. The problem did not seem to affect the business enterprise’s internet site.
“The exposed recruiter e mail IDs can be used for centered phishing attacks, and recruiters may additionally acquire immoderate unsolicited emails and unsolicited mail,” Gowda told TechCrunch.
He added that uncovered electronic mail IDs could be brought to public breach databases or unsolicited mail lists, and mass email address scraping could result in automatic bot abuse or scams.
Founded in March 1997, Naukri.com is India’s top labeled recruitment website, supporting connect recruiters, employers, and job seekers. apart from India, the web page exists in the middle East as Naukrigulf.com.
“All recognized upgrades are applied, making sure our structures stay updated and resilient,” Alok Vij, IT infrastructure head at Naukri’s parent agency InfoEdge, informed TechCrunch over email. “Our groups have no longer detected any usual hobby that influences the integrity of consumer facts.”
“Positive functions of our recruiter profiles are designed to be public to permit users to recognise who has get right of entry to to their profile(s). We behavior normal audits and safety exams,” said Vij.
- TED App Introduces Short-Form Video Feature Amid TikTok Potential Ban
- Google Expands AI Features for Search and Introduces Enhanced “AI Mode” Shopping Option
- Apple Stock Dips as Trump Warns of 25% Tariff on Non-US iPhone Production
TechCrunch proven the publicity after the researcher shared information about the malicious program. The researcher showed to TechCrunch that the problem become constant in advance this week, which Naukri corroborated on Friday.
(Source: TECHCRUNCH)
