CAMPUSUTRA EDITORIAL | NEW DELHI : Another security breach discovered by Gen Z for JEE Advanced data. IIT Roorkee acknowledges. Over 187,000 admit card PDFs and subject-wise result data were briefly accessible without authentication; IIT Roorkee confirms data was “read-only” with zero alteration risk.
In a significant cybersecurity development for higher education, the Indian Institute of Technology Roorkee (IIT Roorkee) has successfully patched a major cloud storage vulnerability that temporarily exposed the personal data and exam results of over 1.79 lakh candidates who appeared for the JEE Advanced 2026.
Engineering Entrance Exam 2026 -2027. B Tech last date and Application Fees
The security loophole, which allowed public access to a cloud storage device linked to the official JEE Advanced result infrastructure without any password or multi-factor authentication, was brought to light by an independent teenage cybersecurity researcher.
Beyond the NEET Fiasco: How a 17-Year-Old’s Investigation Uncovered a New Pandora’s Box in CBSE’s Marking System
Heads up, JEE Advanced 2026 Batch!
What Data Was Exposed?
According to details shared by the teen age research student on social media platform X, which has been acknowledged by IIT Roorkee, the misconfigured repository contained:
- Result Records: Approximately 179,600 highly structured data records, which included subject-wise marks, individual ranks, and personal identifiers.
- Admit Cards: Around 187,300 candidates admit cards in PDF format.
- PII (Personally Identifiable Information): Student names, exact dates of birth, and registered mobile numbers.
Shubham Kumar tops JEE Advanced 2026; 56,880 candidates qualify
The researcher also pointed out that this incident closely mirrors a separate data exposure concern from last week involving Central Board of Secondary Education (CBSE) digital answer scripts, highlighting growing concerns over the configuration of cloud infrastructures managed by premier educational bodies.
IIT Roorkee Quick to Respond and Plug the Loophole
IIT Roorkee, which serves as the organizing institute for the JEE Advanced 2026 examination, responded swiftly to the public disclosure. Acknowledging the flaw on their official social media handles, the premier institute thanked the researcher for ethically reporting the cloud storage device issue and confirmed that corrective measures were deployed on a priority basis.
IIT Jodhpur B Tech CSE Cut-offs : Opening and Closing Ranks
Importantly, the administration assured students and parents that the integrity of the examination outcomes remains perfectly intact.
IIIT Delhi Placement Rate of 89.64% for the 2026 Graduating Batch
IIT Indore B.Tech CSE Cut-offs Released: Opening and Closing Ranks
“The data stored was read-only and so there was no possibility of any alteration. We applaud your responsible and ethical behaviour,” IIT Roorkee stated in its official response.
Implications for Future Engineering Aspirants
The JEE Advanced is the definitive gateway for admissions into the prestigious Indian Institutes of Technology (IITs). While the rapid response from IIT Roorkee successfully neutralized any threat of tampering or result alteration, cybersecurity experts emphasize that exposed personal data like phone numbers and dates of birth can often be leveraged by bad actors for targeted phishing or counseling scams.
As of now, the institute has not detailed the exact duration for which the portal remained unsecured, nor have they announced whether individual notifications will be sent out to the impacted candidates. Source
Campusutra will continue to update this story as more details from the organizing
committee emerge.
