Cyber Incident Victim: Naukri.com

Date: Mar 2018

Location: India

Summary

A cyberattack targeting a major Indian job portal compromised over 100,000 resumes after hackers breached the server managed by an outsourced IT firm. Nigerian threat actors exploited vulnerabilities in the website's HTML to access the database, subsequently using stolen personal data to impersonate reputable companies and defraud job seekers through fake employment offers and fraudulent loan schemes. The attackers contacted approximately 10,000 individuals, soliciting payments for fictitious registration fees and interviews, while law enforcement linked the incident to a broader pattern of similar scams comprising nearly a third of recent cybercrime complaints. The compromised resumes originated from a server handling first-time user uploads, with the breach prompting immediate containment efforts by the service provider.

Description

In March 2018, Nigerian hackers breached the servers of Naukri.com, India’s prominent job portal, stealing approximately 100,000 resumes. The breach was discovered after Klaus IT Solutions, the Bengaluru-based firm managing Naukri.com’s server infrastructure, filed a complaint with the CID Cyber Crime division. Investigations traced the attack to an IP address originating from Nigeria. Hackers first compromised the website’s Hypertext Markup Language (HTML) before penetrating the server managed by Klaus, which charged Naukri.com between ₹3 and ₹5 per resume for maintenance. The attackers downloaded roughly 300,000 resumes over a three-day period before Klaus detected the intrusion and implemented protective measures for the remaining database. This marked the first recorded breach of Naukri.com’s servers. The Cyber Crime cell formally contacted Naukri.com’s Mumbai headquarters seeking an explanation, noting that because Klaus was an outsourced vendor, Naukri.com itself needed to be directly involved in filing an official police report.

The stolen resumes enabled attackers to impersonate major corporations—including Wipro, Bosch, Airtel, and Accenture—to defraud job seekers. Fraudulent emails promised employment opportunities but demanded payments for registrations or interviews, affecting approximately 10,000 aspirants. Parallel scams involved fake bank representatives offering loans to targets. By March 23, 2018, 250 of the Cyber Crime cell’s 808 total complaints related to these fake job offers and loan schemes. Authorities confirmed the misuse of stolen resume data for these operations and advised vigilance in verifying unsolicited job offers. The incident underscored risks in third-party server management, as Klaus’s delayed detection allowed extensive data exfiltration before containment efforts began. No financial losses or technical specifics regarding server vulnerabilities were disclosed in available reports.