Back

IIT Roorkee Denies JEE Advanced 2026 Data Breach Claims

Severity: Low (Score: 27.0)

Sources: Scroll.In, Tribuneindia, Livemint, Thehawk.In, Bignewsnetwork

Published: 2026-06-05 · Updated: 2026-06-05

Keywords: data, roorkee, advanced, breach, claims, misleading, affecting

Severity indicators: breach, data breach

Summary

On June 5, 2026, IIT Roorkee and the Ministry of Education refuted claims of a data breach affecting JEE Advanced 2026 candidates. A temporary cloud storage misconfiguration was reported by ethical hacker Rylen Anil, allowing limited read-only access to less than 0.05% of candidate data. IIT Roorkee clarified that no sensitive information was compromised and that the incident had zero impact on examination outcomes, including marks and ranks. The Ministry emphasized that the circulating information was misleading and factually incorrect. The controversy arose after social media claims suggested a significant breach affecting approximately 2 lakh students. The institute took immediate corrective actions to secure the data and maintain the integrity of the examination process. The incident has led to public scrutiny and political demands for accountability from the Education Minister. Key Points: • IIT Roorkee confirmed a temporary cloud misconfiguration but stated no sensitive data was compromised. • The affected data was read-only, limiting exposure to less than 0.05% of candidate records. • The Ministry of Education labeled the breach claims as misleading, emphasizing the integrity of the examination process.

Detailed Analysis

**Impact** Approximately 1.79 lakh candidates who appeared for JEE (Advanced) 2026 were potentially affected by a temporary cloud storage misconfiguration. The exposed data included admit card details and examination-related information such as names, dates of birth, and mobile numbers. IIT Roorkee and the Ministry of Education confirmed no sensitive information was compromised or mass-extracted, and examination outcomes, including marks, ranks, and categories, remained intact. The incident is limited to the Indian higher education sector, specifically impacting candidates seeking admission to IITs nationwide. **Technical Details** The incident involved a temporary misconfiguration of a public cloud storage endpoint linked to the JEE (Advanced) 2026 results portal, which allowed unauthenticated read-only access to less than 0.05% of stored data. The storage was configured as read-only, preventing data alteration or deletion. The vulnerability was identified and responsibly disclosed by a 16-year-old ethical hacker, Rylen Anil, and was promptly remediated on June 2, 2026. No malware, CVEs, or further attack infrastructure details were reported. **Recommended Response** Ensure cloud storage configurations enforce strict access controls and authentication, particularly for sensitive examination data. Monitor cloud access logs for unauthorized or anomalous access patterns and verify read/write permissions regularly. Implement responsible disclosure channels to facilitate timely reporting and remediation of vulnerabilities. No specific patches or IOCs were provided; defenders should maintain vigilance on cloud environment configurations and access audit trails.

Source articles (12)

  • JEE Advanced 2026 Data Breach: CJP Demands Dharmendra Pradhan's Resignation — Outlookindia · 2026-06-04
    The Cockroach Janata Party (CJP) has demanded the sacking of Education Minister Dharmendra Pradhan following a JEE Advanced 2026 data exposure incident affecting 2 lakh students. The CJP has demanded…
  • JEE-Advanced data breach claims misleading, factually incorrect: IIT Roorkee — Tribuneindia · 2026-06-05
    Claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants are "misleading and factually incorrect", IIT Roorkee said on Friday, asserting that no sensitive information…
  • 'Far from the truth': IIT Roorkee says 'JEE — Livemint · 2026-06-05
    The Indian Institute of Technology (IIT) Roorkee on Friday dismissed allegations of a data breach and privacy lapse affecting lakhs of JEE (Advanced) aspirants, describing the claims as misleading and…
  • IIT Roorkee denies JEE Advanced data breach claims — Awazthevoice.In · 2026-06-05
    IIT Roorkee on Friday refuted claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants, calling them "misleading and factually incorrect." In a post on X, the institut…
  • IIT Roorkee Refutes JEE Advanced Data Breach Allegations, Calls Social Media Claims Misleading — Ground.News · 2026-06-05
    IIT Roorkee has refuted claims of a data breach and privacy violation of JEE Advanced aspirants. The Institute has issued clarification on the same. Institute says an ethical hacker flagged a temporar…
  • IIT Roorkee denies JEE (Advanced) data breach claims — Newsarenaindia · 2026-06-05
    Indian Institute of Technology Roorkee on Friday dismissed allegations of a data breach affecting lakhs of JEE (Advanced) aspirants, describing claims circulating on social media as “misleading and fa…
  • IIT Roorkee refuses claims of data breach affecting JEE (Advanced) aspirants — Bignewsnetwork · 2026-06-05
    New Delhi [India], June 5 (ANI): IIT Roorkee on Friday refuted claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants, calling them 'misleading and factually incorre…
  • JEE (Advanced) 2026: IIT-Roorkee terms data breach allegations misleading, factually incorrect — Mid-Day · 2026-06-05
    Updated On: 05 June, 2026 04:44 PM IST | New Delhi | mid-day online correspondent IIT Roorkee has rejected allegations of a large-scale data breach affecting JEE (Advanced) aspirants, stating that a t…
  • JEE Advanced 2026 Data Breach Claims Misleading, No Sensitive Data Compromised ... — Outlookindia · 2026-06-05
    IIT Roorkee and the Ministry of Education say a temporary cloud-storage misconfiguration was fixed promptly and did not affect candidate data, marks or rankings. IIT Roorkee and the Ministry of Educat…
  • Education ministry denies reports of data breach of candidates for JEE (Advanced) exam — Scroll.In · 2026-06-05
    The Union Ministry of Education on Friday denied reports that data of those who appeared for the Joint Entrance Exam (Advanced) had been breached. The claims were misleading and factually incorrect, s…
  • 'Misleading, factually incorrect': Education Ministry on allegation of JEE (Advanced) exam ... — Thehawk.In · 2026-06-05
    New Delhi, June 5 (IANS) The Union Education Ministry on Friday dismissed allegations of data breach in Joint Entrance Examination (Advanced) results, deprecating attempts to undermine public trust in…
  • "Not Large-Scale Leak": 16-Year-Old Student On JEE Data Leak Claims — www.ndtv.com · 2026-06-05

Timeline

  • 2026-06-02 — Cloud storage misconfiguration identified: Technical interventions to assist candidates led to a temporary misconfiguration allowing limited access to candidate data.
  • 2026-06-05 — IIT Roorkee denies data breach claims: The institute stated that claims of a data breach affecting lakhs of candidates were misleading and factually incorrect.
  • 2026-06-05 — Ministry of Education supports IIT Roorkee's statement: The Ministry reiterated that no sensitive information was compromised and that the examination outcomes remained secure.
  • 2026-06-05 — Political backlash from Cockroach Janata Party: CJP demanded the resignation of Education Minister Dharmendra Pradhan over the alleged data exposure incident.

Related entities

  • Data Breach (Attack Type)
  • IIT Roorkee (Company)
  • Indian Institute Of Technology, Roorkee (Company)
  • Joint Seat Allocation Authority (Company)
  • Ministry Of Education (Company)
  • National Testing Agency (Company)
  • Education (Company)
  • X (Company)
  • India (Country)
  • United States (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • CWE-287 - Improper Authentication (Cwe)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed