JEE Advanced 2026: The Indian Institute of Technology (IIT) Roorkee on Thursday strongly rejected claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants, describing them as "misleading" and "factually incorrect."
In a detailed statement posted on social media platform X, the institute said information being circulated on social media does not accurately reflect what transpired and alleged that attempts were being made to spread misinformation about the incident.
IIT Roorkee explained that on June 2, 2026, certain technical interventions were undertaken on an expedited basis to assist candidates facing difficulties in accessing admit card data and to ensure the smooth functioning of the registration process. According to the institute, these interventions resulted in a minimal and temporary misconfiguration in a cloud storage component.
The institute said that an ethical hacker, Rylen Anil, identified the misconfiguration and reported that he was able to access the concerned database. IIT Roorkee said the issue was immediately rectified and access to the data was restricted.
"The affected storage was read-only, meaning no data could be edited or deleted. An analysis of cloud access logs confirmed that no bulk download occurred, with read-only access limited to less than 0.05% of the data. No sensitive information was compromised or mass-extracted. This incident had zero impact on examination outcomes, including marks, ranks and category of the candidates," the institute said.
Reiterating its commitment to maintaining the integrity of the admission process, IIT Roorkee said, "IIT Roorkee remains fully committed to maintaining the integrity, security and transparency of the JEE (Advanced) and JoSAA counselling processes. Deliberate attempts to misrepresent this technical event and undermine public trust in the examination system are deeply concerning and should be discouraged."
The institute added that the JEE (Advanced) team remains focused on ensuring a smooth and secure admission process for aspirants seeking entry to the IITs and the Indian Institute of Science (IISc).
Claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants are misleading and factually incorrect.
— IIT Roorkee (@iitroorkee) June 5, 2026
The information circulating on social media is misleading and does not accurately reflect what happened. There is an attempt at spreading…
Meanwhile, Rylen Anil, who had earlier raised concerns about a vulnerability in the JEE portal, also issued a clarification on Thursday, stating that he had not found evidence of a large-scale data leak.
"I have noticed claims saying all JEE candidate data was leaked. While there was a vulnerability, I have not seen evidence supporting claims of a large-scale leak. The issue was promptly reported and swiftly fixed by IIT officials," he said.
Rylen further stated that he had downloaded only a limited number of files to verify the vulnerability and had subsequently deleted them.
"I only downloaded a small number of files for verification purposes and deleted them afterwards. This is a serious matter and should not be used to make unfounded claims or spread misinformation," he added.
