- Cloud storage misconfiguration linked to JEE Advanced 2026 exposed candidate data online without login
- Researcher Rylen Anil revealed public access to 1.79 lakh result records and 1.87 lakh admit card PDFs
- Exposed data included candidate names, birth dates, and mobile numbers but was read-only and unaltered
A cybersecurity researcher has claimed that a cloud storage configuration issue linked to JEE Advanced 2026 may have exposed candidate-related data online without authentication. The claim, shared on social media platform X, has drawn attention after IIT Roorkee publicly responded to the report and said the issue was being addressed on priority.
The matter came to light when Dubai-based cybersecurity researcher Rylen Anil posted details of an alleged cloud storage misconfiguration associated with JEE Advanced 2026 result infrastructure. According to the post, a publicly accessible storage location reportedly exposed a large number of candidate records and admit card PDFs.
The researcher claimed that approximately 1.79 lakh result records and around 1.87 lakh admit card PDFs could be accessed without authentication. He alleged that the exposed information included candidate names, dates of birth and mobile numbers.
Screenshots shared in the post appeared to show lists of admit card files and candidate-related data. The researcher said the issue was caused by a cloud storage configuration error rather than a breach involving alteration of records.
A few hours after the post gained attention, IIT Roorkee responded publicly on X. In its reply, the institute thanked the researcher for highlighting the issue and acknowledged that there was a configuration problem in the cloud storage system.
"Thank you for pointing out the configuration issue in the cloud storage device. The same is being plugged on priority," IIT Roorkee wrote in its response.
Thank you @DarthKermy72747 for pointing out the configuration issue in the *cloud storage device*. The same is being plugged on priority. The data stored was read-only and so there was no possibility of any alteration. We applaud your responsible and ethical behaviour.
— IIT Roorkee (@iitroorkee) June 2, 2026
The institute also stated that the data stored in the affected location was in read-only mode and therefore there was no possibility of any alteration or modification of the records.
IIT Roorkee further appreciated the researcher's responsible disclosure of the issue and described his actions as ethical and responsible.
As of now, no official statement has been issued regarding the extent of the alleged exposure or whether any candidate data was accessed by unauthorised individuals. The institution's response indicates that corrective measures were initiated soon after the issue was reported.
The development comes shortly after the declaration of JEE Advanced 2026 results, one of the country's most closely watched entrance examinations for admission to the Indian Institutes of Technology (IITs).