.jpg)
Almost 1.79 Lakh JEE Advanced Candidates' Data Stolen
JEE Advanced 2026 has found itself mired in yet another cybersecurity imbroglio after JEE Advanced 2026 candidates’ personal data and examination data for as many as 1.79 lakh candidates are reported to have been leaked due to a breach in the examination’s digital infrastructure. The case has drawn attention to IIT Roorkee, the organising institute of JEE Advanced 2026 and has raised further issues with regard to the security of the high-stakes examination systems in India.
As per the reports, a cybersecurity expert discovered a security issue concerning a subdomain of JEE Advanced that allegedly circumvented security and made available personal data of candidates posted to a cloud server. It is reported that a security issue with a cloud storage system gave unauthorised access to admit cards, results and personal data of candidates.
This incident came to light soon after the JEE Advanced 2026 results were published by IIT Roorkee. This year, there were 1,79,694 candidates who appeared for both Paper 1 and Paper 2, which is one of the largest JEE Advanced candidate cohorts in the last few years.
IIT Roorkee Comments on Reported Vulnerability
It is reported that IIT Roorkee was the first to respond to the system alert after being contacted by the researcher, to secure the system, while thanking the researcher for reporting the issue. It is said that the institute enacted countermeasures to prevent unauthorised access, and though, to date, IIT Roorkee has not made statements on the number of accessed records, officials are noting that there is a possibility of records being accessed.
Cybersecurity analysts indicate that, in this case, a more traditional attack that incurs an unauthorised system intrusion does not appear, but rather data exposure by a cloud configuration. Despite this type of exposure, the case has raised the standard for data protection of educational services that manage records of data pertaining to students and practitioners.
This case, which has garnered increasing attention, highlights the need for educational services and exam administration to strengthen their digital security systems to protect student data.
Why This is Important for Students
JEE Advanced is among the top competitive exams in India, deciding entrance to the IITs. In this exam, candidates are required to provide personal data, documented proof, data pertaining to the exam, and exam results.
Highlights of the Incident
- For JEE Advanced 2026, about 1.79 lakh candidates registered.
- Reportedly, the vulnerability was discovered by a cybersecurity researcher.
- Allegedly, the issue was a misconfiguration of a cloud storage setting.
- Reportedly, documents and records of candidates were left open in the affected system.
- Reportedly, IIT Roorkee secured the system after being notified.
- No reports have confirmed that the candidate data was actually misused.
Recommended Precautions for Students
Students are advised not to panic, but to be watchful. There is no report confirming that the candidate's data was misused or that the admissions process was affected. Students should keep a lookout for unverified calls, emails, text messages, or other communications regarding admissions that request personal information.
Students should:
- Only use the official JEE Advanced and JoSAA websites.
- Do not disclose login information, OTPs, or personal information to third parties.
- Keep watch of the personal email and phone number for notifications regarding system compromise.
- Stay informed about the announcements of IIT Roorkee and the Joint Admission Board.
The case shows the increasing significance of cybersecurity within India's digital educational framework. Exam processes increasingly going online will force Institutions to bolster security systems to safeguard the information of millions of students.
Click Here for More Exams / Admission