A major Indian job site, Naukri.com, experienced a data leak due to a vulnerability in its API. The leak exposed recruiter email addresses, which could be used for targeted phishing attacks and spam. The issue was discovered by a security researcher and quickly addressed by the company. Naukri.com ranks as the number one job and employment website in India, with over 28 million unique monthly visits.
TPRM report: https://scoringcyber.rankiteo.com/company/info-edge-india
"id": "inf324052725",
"linkid": "info-edge-india",
"type": "Vulnerability",
"date": "5/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Employment',
                        'location': 'India',
                        'name': 'Naukri.com',
                        'type': 'Job Portal'}],
 'attack_vector': 'API Vulnerability',
 'data_breach': {'type_of_data_compromised': 'Email addresses'},
 'description': "A security researcher discovered a vulnerability in Naukri's "
                'API for Android and iOS apps, which exposed recruiter email '
                'addresses when viewing candidate profiles.',
 'impact': {'data_compromised': 'Recruiter email addresses',
            'systems_affected': 'Naukri API for Android and iOS apps'},
 'investigation_status': 'Resolved',
 'post_incident_analysis': {'corrective_actions': 'Fixed the API bug and '
                                                  'implemented system '
                                                  'enhancements',
                            'root_causes': 'API bug'},
 'references': [{'source': 'TechCrunch'}],
 'response': {'containment_measures': 'Fixed the API bug',
              'remediation_measures': 'Implemented enhancements to ensure '
                                      'system resilience'},
 'title': 'Recruiter Email Leak at Naukri.com',
 'type': 'Data Leak',
 'vulnerability_exploited': 'API bug exposing recruiter email addresses'}