After CBSE and NTA row, a fresh cybersecurity concern has emerged around the digital infrastructure linked to JEE Advanced 2026, one of India's most prestigious engineering entrance exams, reports TOI's Sanjay Sharma. The issue came to light after Dubai-based cybersecurity researcher Rylen Anil claimed that a cloud storage configuration associated with the JEE Advanced result system was publicly accessible, potentially exposing a large number of candidate records.
The development adds to a growing list of recent cybersecurity concerns involving examination-related platforms across India.
ALSO READ: Amid layoffs, this engineering role sees 700% surge in demand, offers salaries up to $200,000
What Was Allegedly Exposed?
According to the researcher, the exposed cloud storage contained:
Around 179,600 result records
Nearly 187,300 admit-card PDFs
The files were said to include personal details such as:
Candidate names
Dates of birth
Mobile numbers
The claims were shared on social media, where screenshots and technical details were discussed by cybersecurity professionals. It is important to note that the exact scale of the alleged exposure has not been independently verified.
IIT Roorkee Acknowledges the Issue
Unlike several recent cybersecurity allegations involving examination platforms, this case received a public response from Indian Institute of Technology Roorkee.
Responding to the researcher on X, the institute confirmed that a cloud storage configuration issue had been identified and was being addressed.
"Thank you for pointing out the configuration issue in the cloud storage device. The same is being plugged on priority. The data stored was read-only and so there was no possibility of any alteration. We applaud your responsible and ethical behaviour," the institute said.
The statement suggests that while certain information may have been accessible, there was no indication that the data could be modified or tampered with.
Researcher Welcomes the Response
Following IIT Roorkee's acknowledgement, Rylen Anil thanked the institute for taking prompt action. He also appreciated the willingness of officials to engage with responsible security research and address the issue after it was reported.
Part of a Larger Pattern
The latest disclosure comes at a time when cybersecurity practices across India's examination ecosystem are facing increased scrutiny. In recent weeks, concerns have been raised about digital systems linked to:
Central Board of Secondary Education (CBSE)
National Testing Agency (NTA)
CBSE's digital evaluation infrastructure was recently questioned after alleged vulnerabilities were reported by a student researcher. The board later stated that identified issues had been contained and that additional security measures were being implemented.
Separately, allegations were also made regarding NTA's re-examination portal, with claims that administrative access controls could be bypassed. The agency has not publicly commented on those allegations.
Why the Issue Matters
Examination bodies today rely heavily on digital platforms for:
Candidate registration
Admit card generation
Evaluation processes
Result publication
Grievance handling
These systems handle sensitive information belonging to millions of students every year. As a result, even configuration mistakes that do not involve hacking or data manipulation can raise concerns about privacy and data protection.
Spotlight on Examination Cybersecurity
The latest JEE Advanced-related disclosure has renewed discussions around the need for stronger cybersecurity audits, regular vulnerability assessments and tighter cloud-security practices.
With multiple examination platforms facing security-related questions within a short period, attention is increasingly shifting toward the technology infrastructure that supports India's education and testing ecosystem.
For institutions conducting high-stakes examinations, safeguarding student data is becoming just as important as conducting the exams themselves.
(With TOI inputs)
