After CBSE and NTA row, JEE Advanced 2026 data exposure claim by a Dubai-based researcher sparks security debate, institute responds
This development adds to a growing list of new cybersecurity concerns involving exam-related platforms across India.
ALSO READ: Amid layoffs, this engineering position sees 700% increase in demand, with salaries of up to $200,000 offered
What Was Allegedly Revealed?
According to the researcher, the exposed cloud storage included:
Approximately 179,600 result records
Approximately 187,300 admit card PDFs
ALSO READ: “7.2 LPA to 16?”: Employer says he is “out of touch with today’s generation” after expectation of 100% pay rise, internet says ‘nothing wrong with paying…’
The files were said to contain personal information such as:Candidate names
birth dates
mobile phone numbers
While the allegations were shared on social media, screenshots and technical details were discussed by cyber security experts. It is important to note that the exact scale of claimed exposure has not been independently verified.
IIT Roorkee Admits the Problem
Unlike several recent cybersecurity allegations involving review platforms, this case has received public outcry from the Indian Institute of Technology Roorkee.
Responding to the researcher on X, the institute confirmed that a cloud storage configuration issue has been detected and is being resolved.
“Thank you for pointing out the configuration issue on the cloud storage device. The same gets stuck on priority. The stored data was read-only and hence there was no possibility of any modification. We appreciate your responsible and ethical conduct,” the institute wrote. he said.
The statement claims that while certain information can be accessed, there is no indication that the data could be altered or falsified.
Researcher Welcomes Response
Following IIT Roorkee’s approval, Rylen Anil thanked the institute for taking quick action. He also appreciated the authorities’ willingness to conduct responsible vetting and address the issue once it was reported.
Part of a Larger Pattern
The latest revelation comes at a time when cybersecurity practices in India’s exam ecosystem are facing increasing scrutiny. Concerns have been raised in recent weeks about digital systems linked to:
Central Board of Secondary Education (CBSE)
National Testing Agency (NTA)
CBSE’s digital assessment infrastructure was recently called into question after alleged security vulnerabilities were reported by a student researcher. The board later stated that the detected problems were brought under control and additional security measures were implemented.
Separately, allegations have also been made regarding the NTA’s reexamination portal, alleging that administrative access controls can be bypassed. The agency has not commented publicly on these allegations.
Why is the issue important?
Today, examination institutions rely heavily on digital platforms for:
Candidate registration
Accept card creation
Evaluation processes
Result publication
Handling complaints
These systems process sensitive information about millions of students every year. As a result, even configuration errors that do not involve hacking or data manipulation can raise privacy and data protection concerns.
Overview of Exam Cyber Security
The latest announcement on JEE Advanced has renewed discussions about the need for stronger cybersecurity controls, regular vulnerability assessments and stricter cloud security practices.
With many exam platforms quickly facing security-related questions, attention is increasingly shifting towards the technology infrastructure that supports India’s education and testing ecosystem.
For institutions running high-stakes exams, protecting student data is becoming as important as conducting the exams.
(With TOI entries)
