NEW DELHI: JEE (Advanced) authorities on Friday said a cloud storage misconfiguration identified by an ethical hacker earlier this week did not result in any mass extraction of candidate data and had no impact on examination records, results or rankings. The clarification came after social media claims that candidate records and admit card documents linked to JEE (Advanced) 2026 had been exposed through a cloud storage vulnerability.In a statement, IIT-Roorkee, which is conducting JEE (Advanced) 2026, said the issue arose during technical interventions undertaken on June 2 to assist candidates facing difficulties in accessing admit cards and to ensure smooth functioning of the registration process.“An ethical hacker, Rylen Anil, identified this misconfiguration and reported that he could access the database. The issue was immediately rectified and access to the data was restricted,” it said.According to IIT Roorkee, the affected storage was read-only, making it impossible for data to be altered or deleted. It said cloud access logs showed no evidence of bulk downloads and that access was limited to “less than 0.05% of the data”.Education ministry also rejected reports suggesting a large-scale breach. “As per the clarification issued by IIT Roorkee, the ministry reiterates that no sensitive information was compromised, and the exam outcomes, marks, and candidate information remain completely secure, intact, and safe,” it said.The controversy began after Dubai-based cybersecurity researcher Rylen Anil, 16, posted on X that a cloud storage misconfiguration had allegedly exposed candidate records and admit-card PDFs. IIT Roorkee publicly acknowledged the report and thanked him for responsibly disclosing the issue.Anil cautioned against exaggerated claims. “While there was a vulnerability, I have not seen evidence supporting claims of a large-scale leak. The issue was promptly reported and swiftly fixed by IIT officials.”
Leave a Reply