IIT Roorkee Denies JEE (Advanced) Data Breach, Calls It Cloud Misconfiguration

The Indian Institute of Technology (IIT) Roorkee has denied allegations of a large-scale data breach involving lakhs of JEE (Advanced) aspirants, saying the claims circulating online are “misleading and factually incorrect.”

The clarification comes after reports that a cybersecurity researcher, 16-year-old Rylen Anil , flagged a vulnerability in the JEE (Advanced) result portal, alleging that candidate data was accessible without proper authentication.

According to IIT Roorkee, the issue stemmed from a temporary cloud storage misconfiguration that occurred on June 2 during technical interventions aimed at improving access to admit card and registration data. The institute said this created limited, unintended access to a storage component of the system.

It clarified that the affected storage was in read-only mode , meaning no data could be modified or deleted. IIT Roorkee further stated that internal logs confirmed no bulk download or mass extraction of candidate data , and that access was restricted to a very small fraction less than 0.05% of stored information.

The institute emphasised that no sensitive information was compromised , and there was no impact on JEE (Advanced) results, rankings, or the JoSAA counselling process.

Rejecting allegations of a data breach, IIT Roorkee said the situation was quickly identified and rectified after being reported, and accused certain social media posts of misrepresenting the technical issue and spreading misinformation.

The institute reaffirmed its commitment to maintaining the security and integrity of India’s premier engineering entrance examination system.