JEE Advanced Data Leak Claims: Rylen Anil, a 16-year-old boy who identifies as a cybersecurity researcher, issued a statement on its official X handle that he does not support the claim of a "large-scale leak". He further stated that the "issue was promptly reported and swiftly fixed by IIT officials". The user on Tuesday claimed that the that personal and examination details of lakhs of Joint Entrance Examination (JEE) Advanced students were accessible without authorisation.
Rylen clarified publicly today that he had downloaded only a small number of files for verification purposes and deleted them afterwards. "This is a serious matter and should not be used to make unfounded claims or spread misinformation," he added.
1/2
— Rylen Anil (@DarthKermi72747) June 5, 2026
I have noticed claims saying all JEE candidate data was leaked. While there was a vulnerability, I have not seen evidence supporting claims of a large-scale leak.
The issue was promptly reported and swiftly fixed by IIT officials.
2/2
— Rylen Anil (@DarthKermi72747) June 5, 2026
I only downloaded a small number of files for verification purposes and deleted them afterwards.
This is a serious matter and should not be used to make unfounded claims or spread misinformation.
The Indian Institute of Technology (IIT), Roorkee, had confirmed that the JEE (Advanced) 2026 results portal faced a cloud storage configuration issue after the teenager claimed that personal and examination details of lakhs of students were accessible without authorisation. The institute on Tuesday night said the data stored was in read-only mode, with no possibility of record alteration and added that the issue was being addressed on priority.
On June 2, the 16-year-old boy had claimed that the JEE Advanced 2026 candidate portal had a public cloud storage misconfiguration exposing bulk candidate data. The user had alleged that around 1.79 lakh result records and 1.87 lakh admit card PDFs were accessible, along with personal details such as names, dates of birth and mobile numbers.
JEE Advanced 2026 candidate/result infrastructure (https://t.co/6mBpjkxH01) had a public cloud storage misconfiguration exposing bulk candidate data without auth.
— Rylen Anil (@DarthKermi72747) June 2, 2026
This exposed ~179.6k result records and ~187.3k admit-card PDFs, including candidate names, DOBs and mobile numbers. pic.twitter.com/NUk4HGwqQP
Responding to the claim, IIT-Roorkee said:
Thank you @DarthKermy72747 for pointing out the configuration issue in the *cloud storage device*. The same is being plugged on priority. The data stored was read-only and so there was no possibility of any alteration. We applaud your responsible and ethical behaviour.
— IIT Roorkee (@iitroorkee) June 2, 2026
On June 1, he peeked into the National Testing Agency's re-examination portal, claiming a super admin login bypass upon using “extremely weak credentials.” He claimed that the data exposed exam centres, candidates' names, phone numbers, and more.
NTA's Re-examination portal (https://t.co/yKhDNDCPE1) has a superadmin login bypass by using extremely weak credentials
— Rylen Anil (@DarthKermi72747) May 31, 2026
This exposes bulk user data: ~7.9k observers, 676 CCs, 5.4k CS/centers, including names, emails and phone numbers.@ni5arga pic.twitter.com/n2q4d0Egvw
On May 31, Rylen had claimed that the Central Board of Secondary Education's (CBSE) re-evaluation and photocopy portal "exposes the emails and phone numbers of over 450,000 people who had paid for the photocopy and re-evaluation" of their Class 12 answer sheets.
CBSEs Re-evaluation and photocopy portal (https://t.co/oS01bn6J2P) exposes the emails and phone numbers of any of the 450k+ people who paid for a photocopy or re-evaluation of there papers
— Rylen Anil (@DarthKermi72747) May 31, 2026
this can be done by any account registered on the platform @ni5arga @thetirthparmar pic.twitter.com/9VnDUNcoYt
In another post, Rylen had added that beyond leaking data, the bypass gives access to the super admin dashboard. A super admin dashboard is the highest-level control panel in a software system, granting unrestricted access to oversee and manage the entire platform.
Beyond leaking data, the bypass gives access to the superadmin dashboard itself. From there, the portal exposes admin functions to manage observers,
— Rylen Anil (@DarthKermi72747) May 31, 2026
It also has controls to export CSVs, generate/download appointment letters, upload templates, upload nodal officer mappings etc pic.twitter.com/7YcCNmA0tn
The JEE Advanced is the gateway for admission to undergraduate programmes at the Indian Institutes of Technology and several other premier engineering institutions across the country. The JEE Advanced 2026 results were declared on June 1.
