IIT Roorkee has officially acknowledged a data exposure issue on the JEE Advanced 2026 result portal that briefly made the personal records of nearly 1.8 lakh candidates publicly accessible without authentication.
The security vulnerability was discovered and ethically reported on June 2, 2026, by a 16-year-old cybersecurity researcher named Rylen Anil
The JEE Advanced 2026 Data Leak, JEE Advanced Result 2026, IIT Roorkee Data Exposure, JEE Advanced Candidate Data Breach, JEE Advanced 2026 Latest News, JoSAA Counselling 2026, and JEE Advanced Rank Card 2026 have emerged among the most searched education-related topics after IIT Roorkee officially acknowledged a security vulnerability that exposed candidate information on the JEE Advanced 2026 result portal.
The incident came to light just days after the declaration of the JEE Advanced 2026 results. While IIT Roorkee has clarified that marks, ranks, and seat allocation data remain completely safe from tampering, the exposure of personal information belonging to nearly 1.8 lakh candidates has raised serious concerns regarding student privacy and cybersecurity in India’s examination ecosystem.
Manabadi is one of India’s most trusted educational portals, providing students with the latest updates on entrance examinations, results, counselling schedules, admissions, hall tickets, answer keys, and recruitment notifications.
Students can rely on Manabadi for timely updates regarding JEE Advanced, JoSAA Counselling, NEET, KCET, AP EAMCET, TS EAMCET, ICET, POLYCET, SSC, Banking, Railway, and various university examinations across India.
Contents
- 0.1 JEE Advanced 2026 Data Leak: Overview
- 0.2 What Happened in the JEE Advanced 2026 Data Leak?
- 0.3 How Was the Security Vulnerability Discovered?
- 0.4 What Information Was Exposed?
- 0.5 Could Marks or Ranks Be Changed?
- 0.6 Did the Data Leak Affect JoSAA Counselling 2026?
- 0.7 What Are the Risks for Students?
- 1 What Should JEE Advanced 2026 Candidates Do Now?
JEE Advanced 2026 Data Leak: Overview
| Particulars | Details |
|---|---|
| Exam Name | JEE Advanced 2026 |
| Conducting Institute | IIT Roorkee |
| Result Date | June 1, 2026 |
| Data Exposure Discovered | June 2, 2026 |
| Security Patch Deployed | June 3, 2026 |
| Researcher | Rylen Anil (16-year-old Ethical Hacker) |
| Candidate Records Exposed | Approximately 179,600 |
| Admit Card PDFs Exposed | Approximately 187,300 |
| Data Type Exposed | Names, Mobile Numbers, Date of Birth, Marks, Ranks |
| Data Modification Possible? | No |
| JoSAA Counselling Impact | No Impact |
| Current Status | Security Issue Patched |
What Happened in the JEE Advanced 2026 Data Leak?
According to IIT Roorkee’s official acknowledgement, the issue was not caused by an external cyberattack or hacking attempt. Instead, the exposure resulted from a cloud storage configuration error associated with the JEE Advanced 2026 result infrastructure.
The affected repository was linked to the results subdomain used during the publication of JEE Advanced 2026 results. Due to incorrect access permissions, certain folders became publicly accessible without requiring candidate authentication.
As a result, anyone with knowledge of the directory structure could potentially access files stored within the repository without entering login credentials.
How Was the Security Vulnerability Discovered?
The vulnerability was identified on June 2, 2026, by Rylen Anil, a 16-year-old cybersecurity researcher who responsibly disclosed the issue after discovering the exposed storage repository.
Rather than exploiting the flaw, the researcher informed the concerned authorities and publicly highlighted the issue through responsible disclosure channels.
IIT Roorkee later acknowledged the report and thanked the researcher for bringing the security concern to their attention.
What Information Was Exposed?
Reports indicate that the exposed repository contained a significant volume of candidate-related information.
The reportedly accessible data included:
- Candidate Names
- Date of Birth
- Mobile Numbers
- Roll Numbers
- Registration IDs
- Subject-wise Marks
- Total Marks
- All India Rank (AIR)
- Category Rank
- Qualification Status
- Examination Centre Codes
- Candidate Photographs
- Digital Signatures
- Admit Card PDFs
The exposure involved approximately 179,600 candidate records and nearly 187,300 admit card documents.
Could Marks or Ranks Be Changed?
No.
IIT Roorkee has clearly stated that the exposed repository was configured as a read-only storage environment.
This means:
- Marks could not be modified.
- Rankings could not be altered.
- Result data could not be deleted.
- Seat allocation systems remained unaffected.
- JoSAA counselling data was not compromised.
Candidates can therefore be assured that their JEE Advanced 2026 scores and rankings remain valid and unchanged.
Did the Data Leak Affect JoSAA Counselling 2026?
No.
The Joint Seat Allocation Authority (JoSAA) counselling platform operates independently from the exposed storage repository.
Students participating in the counselling process can continue their admission activities without concern regarding rank validity or seat allotment.
Candidates can check the latest counselling schedule, choice filling process, and seat allocation updates through Manabadi’s JoSAA counselling page.
What Are the Risks for Students?
Although academic records remain secure, cybersecurity experts have warned that the exposure of personal information may increase the risk of targeted scams.
Students should remain alert against:
- Fake IIT admission offers
- Fraudulent counselling assistance calls
- Phishing SMS messages
- Fake JoSAA websites
- Scam WhatsApp groups
- Unauthorized admission consultants
Because candidate names, mobile numbers, and ranks may have been exposed, scammers could attempt to use this information to gain trust and deceive aspirants.
What Should JEE Advanced 2026 Candidates Do Now?
Candidates are advised to take the following precautions:
- Access counselling portals only through official websites.
- Avoid sharing OTPs with anyone.
- Do not trust calls promising guaranteed IIT seats.
- Verify every counselling-related communication.
- Ignore links received through unknown SMS messages.
- Change passwords associated with examination accounts if applicable.
- Monitor mobile messages and emails for suspicious activity.
IIT Roorkee’s Official Response
IIT Roorkee responded quickly after the issue was reported.
The institute publicly acknowledged the vulnerability, thanked the ethical hacker who reported it, and implemented immediate corrective measures to restrict access to the affected repository.
Officials have reiterated that the incident involved data exposure rather than data manipulation and that no candidate results were altered.
Growing Concerns About Examination Cybersecurity
The JEE Advanced 2026 data exposure has intensified discussions around cybersecurity standards in India’s examination ecosystem.
The incident comes at a time when digital examination systems are facing increased scrutiny regarding data protection, infrastructure security, and privacy safeguards.
Experts believe that stronger cloud security audits, regular vulnerability assessments, and stricter access controls will be essential to prevent similar incidents in the future.
JEE Advanced 2026 Data Leak: Key Takeaways
The JEE Advanced 2026 data leak exposed personal candidate information due to a cloud storage misconfiguration, affecting nearly 1.8 lakh student records. IIT Roorkee has confirmed that the issue has been resolved and clarified that marks, ranks, and JoSAA counselling processes remain completely unaffected. While students do not need to worry about their examination outcomes, they should remain vigilant against potential phishing attempts and admission-related scams in the coming weeks.