Rylen Anil took to the social media platform X to report that a misconfigured cloud storage setup permitted unauthorized access to a significant amount of exam-related data. The problem involved cloud storage buckets set to public access, allowing data to be listed and downloaded without any authentication.
“The JEE Advanced 2026 candidate/result infrastructure had a public cloud storage misconfiguration that exposed bulk candidate data without authorization,” the post stated.
JEE Advanced 2026 candidate/result infrastructure had a public cloud storage misconfiguration exposing bulk candidate data without auth.
This led to the exposure of approximately 179.6k result records and about 187.3k admit-card PDFs, which included candidate names, dates of birth, and mobile numbers. pic.twitter.com/NUk4HGwqQP
— Rylen Anil (@DarthKermi72747) June 2, 2026
He asserted that around 1.79 lakh result records and nearly 1.87 lakh admit card PDFs were potentially compromised. The exposed data supposedly contained personal details such as names, dates of birth, and mobile phone numbers.
ALSO READ | CBSE opens class 12 re-evaluation portal a day late after cybersecurity fix
IIT Roorkee, the organizing institution, has acknowledged the problem and stated it has been addressed urgently.
It clarified that this issue was not the result of hacking but a configuration error in cloud storage. “Thank you @DarthKermy72747 for highlighting the configuration issue in the *cloud storage device*. This is being resolved as a priority.
The institute also mentioned that the data remained in ‘read-only’ mode, indicating it could be viewed but not modified. “The data stored was read-only, thus preventing any alteration. We commend your responsible and ethical conduct,” the tweet indicated.
Thank you @DarthKermy72747 for pointing out the configuration issue in the *cloud storage device*. The same is being plugged on priority. The data stored was read-only and so there was no possibility of any alteration. We applaud your responsible and ethical behaviour.
— IIT Roorkee (@iitroorkee) June 2, 2026
The data leak assertion surfaced a day after another individual claimed that CBSE’s systems had a similar cloud storage issue, with exam-related documents reportedly left unprotected online due to a flawed AWS bucket configuration.
“The vulnerability found here is similar to the one identified by @ni5arga leaking all CBSE answer scripts,” the post noted.
According to the claim, the misconfigured storage enabled public access to exam materials such as answer sheets and question papers.
The researcher stated that the system’s listing feature was accessible without authentication, allowing anyone with the link to browse and download files from the bucket. The post further alleged that multiple institutions might utilize the same storage configuration.
