In yet another controversy, the Indian Institute of Technology (IIT) Roorkee is moving to protect its image following a massive data exposure incident. The flaw left 179,600 result records and 187,300 admit-card PDFs of JEE Advanced 2026 candidates accessible online. According to media reports, a cybersecurity researcher accidentally discovered the exposure, which is linked to the examination's infrastructure. The young researcher alleged that a cloud storage misconfiguration exposed the personal information of thousands of students on the internet.
What Is the JEE Advanced 2026 Data Leak Risk?
On June 2, a 16-year-old cybersecurity researcher who goes by the online handle “DarthKermy” discovered a cloud storage misconfiguration linked to the JEE Advanced 2026 results and student admit cards. This major data exposure allowed anyone to view the personal information of candidates without requiring a login or password. On his social media account, the researcher claimed that the accessible documents contained sensitive information, including candidates’ full names, dates of birth, mobile numbers, and other personal details.
What IIT Roorkee Said
IIT Roorkee, the conducting institute for the JEE Advanced 2026 examination, acknowledged the issue and confirmed that corrective measures were immediately taken to secure the data. “Thank you @DarthKermy72747 for pointing out the configuration issue in the cloud storage device. The same is being plugged on priority. The data stored was read-only, so there was no possibility of any alteration. We applaud your responsible and ethical behaviour,” IIT Roorkee wrote on X.
The institute emphasized that because the stored data was read-only, unauthorized users could not alter it, even though they could view it without a login. While no malicious data tampering has occurred, the full extent of the data exposure remains unclear.
JEE Advanced 2026 candidate/result infrastructure (https://t.co/6mBpjkxH01) had a public cloud storage misconfiguration exposing bulk candidate data without auth.
This exposed ~179.6k result records and ~187.3k admit-card PDFs, including candidate names, DOBs and mobile numbers. pic.twitter.com/NUk4HGwqQP
— Rylen Anil (@DarthKermi72747) June 2, 2026
The CBSE OSM Row
This incident comes at a time when the country is already gripped by the CBSE On-Screen Marking (OSM) controversy. The board's newly introduced evaluation system has faced heavy criticism from both students and parents. The re-evaluation and verification portal launched by the board was plagued by technical glitches and cybersecurity vulnerabilities, and questions were raised about the tendering process for the OSM system. Following these allegations, the government transferred CBSE Chairman Rahul Singh and Secretary Himanshu Gupta, and an official inquiry has been launched into the procurement of the OSM system.