IIT Roorkee and the Ministry of Education denied reports of a major JEE Advanced data breach.
The institute said a temporary cloud-storage misconfiguration was fixed immediately and no sensitive data was compromised.
IIT Roorkee said the incident had no impact on candidates' marks, ranks, categories or the admission process.
IIT Roorkee and the Ministry of Education on Friday dismissed reports of a large-scale data breach involving JEE (Advanced) candidates, saying a temporary cloud-storage misconfiguration was quickly fixed and did not result in any compromise of sensitive information or mass extraction of candidate data.
The clarification follows claims by 16-year-old cybersecurity researcher Rylen Anil that a public cloud-storage endpoint linked to the JEE (Advanced) 2026 results portal was accessible without authentication, exposing personal and examination-related details of lakhs of candidates. According to PTI, IIT Roorkee said the issue stemmed from a brief cloud-storage configuration error, while the Ministry of Education and the institute maintained that examination records, marks and candidate information remain secure.
"There have been several misleading and factually incorrect reports regarding data breach and privacy violations with respect to students who took JEE (Advanced) examination," the ministry said in a post on X.
"As per the clarification issued by @iitroorkee the Ministry reiterates that no sensitive information was compromised, and the examination outcomes, marks, and candidate information remain completely secure, intact, and safe," it added.
The JEE (Advanced) is the gateway for admission to undergraduate programmes at the IITs and several other premier engineering institutions across the country.
In a series of posts on X, IIT Roorkee said reports claiming that lakhs of aspirants were affected by a data breach did not accurately reflect the incident.
"Claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants are misleading and factually incorrect. The information circulating on social media is misleading and does not accurately reflect what happened. There is an attempt at spreading misinformation, which is far from the truth," the institute said.
According to PTI, IIT Roorkee said certain technical interventions were carried out on an expedited basis on June 2 to assist candidates facing difficulties in accessing admit-card data and to ensure the smooth functioning of the registration process. It said those interventions resulted in a "minimal, temporary misconfiguration" in a cloud-storage component.
The institute said that the ethical hacker Anil identified the issue and reported it to authorities.
"An ethical hacker, Mr Rylen Anil, identified this misconfiguration and reported that he could access the concerned database. The issue was immediately rectified, and access to the data was restricted," it said.
According to PTI, IIT Roorkee said the affected storage was configured in read-only mode, meaning records could neither be altered nor deleted. It added that an examination of cloud-access logs found no evidence of bulk downloads.
"The affected storage was read-only, meaning no data could be edited or deleted. An analysis of cloud access logs confirmed that no bulk download occurred (the read-only access was limited to less than 0.05 per cent of the data)," it said.
The institute further asserted that "no sensitive information was compromised or mass-extracted" and that the incident had "zero impact on examination outcomes, including marks, ranks, and category of the candidates".
Reaffirming its commitment to the examination process, IIT Roorkee said it remained fully committed to maintaining the integrity, security and transparency of the JEE (Advanced) and Joint Seat Allocation Authority (JoSAA) counselling processes.
"Deliberate attempts to misrepresent this technical event and undermine public trust in the examination system are deeply concerning and should be discouraged," it added.
"The JEE (Advanced) team looks forward to supporting every aspirant through a smooth and secure admission process into IITs and IISc," it said.
Earlier, IIT Roorkee had confirmed that the JEE (Advanced) 2026 results portal experienced a cloud-storage configuration issue after a teenager who identifies himself as a cybersecurity researcher claimed that personal and examination details of lakhs of students were accessible without authorisation.
Rylen Anil, alleged on X that a public cloud-storage endpoint associated with the results portal could be accessed without authentication, exposing candidate data in bulk.
On Tuesday, the institute said the stored data was in read-only mode, making any alteration of records impossible, and added that the issue was being addressed on priority.
(With inputs from PTI)
