Rylen Anil, a 16-year-old Dubai-based cybersecurity researcher, has successfully exposed a massive data security loophole on the JEE Advanced 2026 results portal.
On 2nd June 2026, the Class 12 student flagged a public cloud storage misconfiguration that left the personal details of nearly 1.8 lakh candidates accessible without any password or authentication. The organizing institution, Indian Institute of Technology (IIT) Roorkee, reacted promptly by acknowledging the technical glitch and initiating corrective measures to secure the portal. While the exposure included sensitive student information such as names, mobile numbers, and dates of birth, officials confirmed that the stored files were in a read-only format, completely eliminating the risk of anyone altering or tampering with the examination records.
Exposing The Digital Chink In High-Stakes Testing
The young ethical hacker discovered that the public cloud storage endpoint was openly accessible, potentially exposing approximately 179,600 result records and 187,300 admit-card PDFs.
Highlighting the flaw publicly on X (formerly Twitter), Rylen pointed out how easily an unauthenticated user could view bulk student details. Unlike past instances of data vulnerabilities where authorities remained defensive, IIT Roorkee actively engaged with the teenager. Acknowledging the issue on their official social media handle, IIT Roorkee stated, “Thank you for pointing out the configuration issue in the cloud storage device. The same is being plugged on priority. The data stored was read-only and so there was no possibility of any alteration. We applaud your responsible and ethical behaviour.”
A Pattern Of Vulnerabilities Across India’s Education Ecosystem
This incident is not an isolated event but rather the latest in a troubling sequence of cybersecurity lapses clouding India’s premier examination boards.
Within a span of just five days, Rylen Anil had also flagged a critical bypass flaw in the National Testing Agency’s (NTA) NEET-UG re-examination portal, which forced the agency’s Director General, Abhishek Singh, to personally step in and temporarily suspend the portal for a backend overhaul. Furthermore, these revelations come alongside recent massive scrutiny faced by the Central Board of Secondary Education (CBSE) regarding security vulnerabilities in its digital On-Screen Marking (OSM) system. This wave of disclosures by teenage whistleblowers has triggered intense national conversations, compelling parliamentary panels to review how securely state-run examination bodies manage sensitive student infrastructure.
The Logical Indian’s Perspective
At The Logical Indian, we believe that safeguarding the personal data of millions of young students is as vital as the fair execution of the examination itself.
It is highly encouraging to witness public institutions like IIT Roorkee shifting away from institutional denial and choosing instead to publicly applaud, collaborate with, and respect the constructive efforts of young ethical hackers. In a world where digital infrastructure handles our most sensitive lifelines, we need transparency, timely dialogue, and proactive corrections rather than defensive secrecy. Our young minds possess incredible potential; when nurtured as allies rather than outcasts, they can act as the strongest shields for our digital democracy.
Also Read: Living Apart for 15 Years? Supreme Court Says Dead Marriages Don’t Need to Be Preserved
