A 16-year-old cybersecurity researcher has brought a major security concern involving the JEE Advanced 2026 results portal to light, prompting IIT Roorkee to take swift corrective action.
The issue came to public attention after Rylen Anil, a young ethical hacker known online as @DarthKermy72747, claimed he had discovered a cloud storage misconfiguration that exposed sensitive candidate data without authentication.
What Did The Teen Researcher Find?
According to Rylen, the JEE Advanced 2026 candidate results infrastructure contained a publicly accessible cloud storage configuration that allowed access to a large volume of candidate information.
He alleged that the exposure included approximately:
- 179,600 candidate result records
- 187,300 admit card PDF files
- Candidate names
- Dates of birth
- Mobile phone numbers
The researcher publicly disclosed the issue through social media while following responsible disclosure practices.
IIT Roorkee Responds Quickly
IIT Roorkee, the organising institute for JEE Advanced 2026, acknowledged the issue and confirmed that immediate action was taken.
In a statement posted on X, the institute thanked the researcher for reporting the vulnerability and clarified that the exposed data was read-only.
“Thank you for pointing out the configuration issue in the cloud storage device. The same is being plugged on priority. The data stored was read-only and there was no possibility of alteration. We appreciate your responsible and ethical behaviour,” IIT Roorkee said.
Following the institute’s response, Rylen thanked the authorities for acting quickly and expressed hope for continued collaboration on responsible cybersecurity research.
Growing Spotlight On Exam Technology Systems
The incident comes at a time when examination technology platforms across India are facing increased scrutiny.
Questions surrounding digital evaluation systems, online result infrastructure and examination data security have intensified in recent weeks following controversies involving the CBSE’s On-Screen Marking (OSM) platform.
Education experts have repeatedly stressed the importance of strong cybersecurity safeguards as millions of students increasingly depend on digital examination and evaluation systems.
CBSE Controversy Adds To Concerns
The JEE Advanced security disclosure coincides with ongoing developments involving CBSE’s evaluation system.
The Education Ministry has ordered a detailed inquiry into the procurement process linked to CBSE’s On-Screen Marking platform operated by Hyderabad-based Coempt EduTeck.
Adding to the controversy, 17-year-old student researcher Sarthak Sidhant recently appeared before a Parliamentary Standing Committee and presented allegations of irregularities in the tender process.
The committee is currently reviewing the implementation of the OSM system as well as broader concerns related to examination transparency and technology governance.
Why The Incident Matters
While IIT Roorkee has stated that the exposed data could not be modified, cybersecurity experts note that unauthorised access to personal information remains a serious concern.
The episode highlights the growing role of young ethical hackers in identifying security weaknesses before they can be exploited by malicious actors.
It also serves as a reminder of the critical need for regular security audits, robust cloud configurations and stronger safeguards across India’s rapidly expanding digital education ecosystem.
