Serious concerns have been raised over the security of the CBSE website, with several individuals pointing to alleged loopholes and vulnerabilities in the system. NDTV spoke to cyber expert Sakshar Duggal about the allegations and the broader security concerns surrounding the website.
Questions continue to be raised over claims that ethical hackers were able to access parts of the CBSE system. Cyber experts say the issue appears to be less about sophisticated hacking and more about alleged security weaknesses that may have left sensitive information exposed.
Here are the questions we asked and his detailed responses:
Was the CBSE system hacked?
According to cyber experts, the allegations point more towards serious security lapses than a traditional cyberattack. The concern is that certain information may have been accessible without advanced hacking techniques because basic security controls were allegedly missing.
How was access allegedly gained?
The main concern revolves around how some web links were configured. Reports suggest that if a person had access to a specific URL, they could allegedly view records without being asked for a password or additional authentication.
In a properly secured system, sensitive records should only be accessible after successful login and verification.
What vulnerabilities were allegedly present?
Screenshots circulating online suggest that access controls may not have been implemented correctly. Student-related documents, files, and records were reportedly accessible through direct links.
Experts say the issue was not about breaking through security barriers but about certain security measures allegedly not being in place where they should have been.
Why is a publicly accessible URL a concern?
Normally, students should only be able to access their records after logging in with authorised credentials.
However, if a URL can simply be copied and shared with another person, and that person can access the same records without authentication, privacy protections effectively fail.
How much data could have been exposed?
The concern is that personal information, answer sheets, academic records, and other student-related data may have been accessible through publicly reachable links.
If authentication checks are missing, the risk may extend beyond individual records and potentially affect a much larger volume of data.
Could an ordinary person access such information?
A person without technical knowledge may not immediately know where to look. However, experts say that someone with a basic understanding of websites and URLs could potentially identify and access exposed links if proper safeguards are absent.
The alleged vulnerability reportedly did not require highly specialised technical skills.
What risks does exposed student data create?
Cybercriminals who gain access to personal information can potentially download records, build databases of student information, launch phishing attacks, facilitate identity theft or trade the data through illegal channels.
Once personal information is exposed, it becomes difficult to control how that data may be used in the future.
Why is this especially serious for students?
Many of the records belong to students, including minors. Educational records, personal details, and contact information require a higher level of protection because misuse can have long-term consequences for those affected.
What lessons does this incident highlight?
Cyber experts say the incident underlines the importance of basic cyber hygiene. Even advanced technology can fail if fundamental security measures such as authentication checks, access controls and regular security audits are not properly implemented.
The key lesson is simple: sensitive data should never be accessible through publicly shareable links without adequate security protection.
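The difference between a link that works for anyone who holds it and a record that is served only after login and an ownership check can be shown in a few lines. This is an added illustration, not code from the CBSE system or from the expert quoted above; the record ids, user names and function names are all constructed for the example.

```python
import secrets

# Constructed sample data: record id -> owner and document body.
RECORDS = {
    "rec-1001": {"owner": "student-a", "body": "marksheet for student A"},
    "rec-1002": {"owner": "student-b", "body": "marksheet for student B"},
}
SESSIONS = {}  # session token -> user id, filled in at login


def login(user_id):
    """Hypothetical login step: issue an unguessable session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user_id
    return token


def fetch_record_unprotected(record_id):
    """The pattern described in the article: holding the link is enough."""
    record = RECORDS.get(record_id)
    return (200, record["body"]) if record else (404, "not found")


def fetch_record_protected(record_id, token=None):
    """Authenticate the caller first, then check they own the record."""
    user_id = SESSIONS.get(token) if token else None
    if user_id is None:
        return (401, "login required")
    record = RECORDS.get(record_id)
    # Same answer for "missing" and "not yours", so valid ids are not revealed.
    if record is None or record["owner"] != user_id:
        return (404, "not found")
    return (200, record["body"])


def exposed_without_login(fetch, record_ids):
    """Audit helper: list the ids a handler serves to a caller with no session."""
    return [rid for rid in record_ids if fetch(rid)[0] == 200]


if __name__ == "__main__":
    token = login("student-a")
    print(fetch_record_protected("rec-1001", token))  # owner, logged in
    print(fetch_record_protected("rec-1002", token))  # logged in, not the owner
    print(fetch_record_protected("rec-1001"))         # shared link, no login
    print(exposed_without_login(fetch_record_unprotected, RECORDS))
    print(exposed_without_login(fetch_record_protected, RECORDS))
```

The audit helper is the kind of check a regular security review can run against every record-serving route: any id it returns is readable by someone who was never asked to log in.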