05 June,2026 04:44 PM IST | New Delhi | mid-day online correspondent
IIT-Roorkee said attempts were being made to spread misinformation. PIC/X
Claims of a data breach and privacy violation affecting lakhs of Joint Entrance Examination (Advanced) aspirants are "misleading and factually incorrect", the Indian Institute of Technology (IIT)-Roorkee said on Friday, asserting that no sensitive information was compromised or mass-extracted following a temporary cloud storage misconfiguration.
IIT-Roorkee, which conducted the examination this year, said information circulating on social media did not accurately reflect the incident and alleged that attempts were being made to spread misinformation.
JEE (Advanced) serves as the gateway for admission to undergraduate programmes at IITs and several other premier engineering institutions across the country.
In a series of posts on X, IIT-Roorkee said, "Claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants are misleading and factually incorrect. The information circulating on social media is misleading and does not accurately reflect what happened. There is an attempt at spreading misinformation, which is far from the truth."
According to the institute, certain technical interventions were carried out on an expedited basis on Tuesday to assist candidates facing difficulties in accessing admit card data and to ensure the smooth functioning of the registration process.
It said these interventions resulted in a "minimal, temporary misconfiguration" in a cloud storage component, which was identified and reported by ethical hacker Rylen Anil.
"An ethical hacker, Mr Rylen Anil, identified this misconfiguration and reported that he could access the concerned database. The issue was immediately rectified, and access to the data was restricted," the institute said.
The affected storage was in "read-only" mode, meaning no data could be edited or deleted, IIT-Roorkee said, adding that an analysis of cloud access logs confirmed that no bulk download had taken place.
"The affected storage was read-only, meaning no data could be edited or deleted. An analysis of cloud access logs confirmed that no bulk download occurred (the read-only access was limited to less than 0.05 per cent of the data)," it further stated.
The institute also maintained that "no sensitive information was compromised or mass-extracted" and that the incident had "zero impact on examination outcomes, including marks, ranks, and category of the candidates".
Reaffirming its commitment to the examination process, IIT-Roorkee said it remains fully committed to maintaining the integrity, security, and transparency of the JEE (Advanced) and Joint Seat Allocation Authority (JoSAA) counselling processes.
"Deliberate attempts to misrepresent this technical event and undermine public trust in the examination system are deeply concerning and should be discouraged," it stated, adding, "The JEE (Advanced) team looks forward to supporting every aspirant through a smooth and secure admission process into IITs and IISc."
Earlier, IIT-Roorkee had confirmed that the JEE (Advanced) 2026 results portal experienced a cloud storage configuration issue after a teenager who identifies as a cybersecurity researcher claimed that personal and examination-related details of lakhs of students were accessible without authorisation.
The clarification came after Rylen, a 16-year-old cybersecurity researcher, posted on X alleging that the public cloud storage endpoint of the results portal was accessible without authentication, exposing bulk candidate data.
On Tuesday night, the institute said the data was stored in read-only mode with no possibility of records being altered, and added that the issue was being addressed on priority.
(With PTI inputs)
