Two days after the declaration of the JEE Advanced 2026 results, the Indian Institute of Technology (IIT) Roorkee acknowledged a cloud storage configuration issue linked to the examination's result infrastructure following allegations that candidate-related records were publicly accessible online. The institute has stated that corrective measures are being implemented on priority and has clarified that the exposed data was stored in a read-only format, preventing any modification of records.
The issue came to light after a cybersecurity researcher, Rylen Anil, raised concerns on the social media platform X regarding a publicly accessible cloud storage endpoint allegedly associated with the JEE Advanced 2026 result system. According to the researcher, the cloud storage had been configured in a manner that allowed access without authentication, potentially exposing a significant volume of candidate-related information.
In a series of posts, the researcher claimed that the exposed storage contained approximately 179,600 result records and nearly 187,300 admit card PDF files linked to JEE Advanced 2026 candidates. The alleged exposure reportedly included personal details such as candidate names, dates of birth, mobile numbers, examination-related information, subject-wise scores, and ranks.
To support the claims, screenshots were shared online that appeared to display directories containing admit card PDFs and structured result datasets. Some images purportedly showed candidate information, while others contained examination-related data with portions of the information redacted. The researcher described the issue as a cloud storage misconfiguration and compared it to recent concerns raised regarding digital examination infrastructure used by other educational bodies.
The development has attracted considerable attention because JEE Advanced is one of India's most competitive entrance examinations and involves the processing of sensitive information belonging to thousands of engineering aspirants seeking admission to the Indian Institutes of Technology (IITs).
Unlike several recent cybersecurity allegations involving examination-related systems, the concerns surrounding the JEE Advanced 2026 infrastructure received a direct public response from IIT Roorkee, the organising institute for this year's examination.
Responding through its official social media account, IIT Roorkee acknowledged the existence of a configuration issue related to a cloud storage device associated with the examination infrastructure. The institute thanked the researcher for responsibly reporting the matter and confirmed that the issue was being addressed immediately.
In its response, IIT Roorkee stated that the configuration issue was being rectified on priority. The institute further clarified that the data stored within the affected system was read-only in nature, meaning there was no possibility of records being altered or manipulated through the exposed infrastructure. The institute also commended what it described as the researcher's responsible and ethical disclosure of the issue.
While IIT Roorkee confirmed the existence of a configuration problem, it did not independently verify the scale of the alleged exposure or confirm the exact number of records and documents cited by the researcher. The latest disclosure comes amid heightened scrutiny of digital examination platforms in India. In recent weeks, concerns have been raised regarding cybersecurity and technical vulnerabilities in several education-related systems, including discussions around CBSE's On-Screen Marking (OSM) framework and allegations involving the National Testing Agency's re-examination portal infrastructure.
The incident has emerged shortly after the announcement of the JEE Advanced 2026 results. According to official data, a total of 1,79,694 candidates appeared for both papers of JEE Advanced 2026, out of which 56,880 candidates qualified for admission consideration. Shubham Kumar from the IIT Delhi zone secured All India Rank (AIR) 1.