Overview
- A 16‑year‑old cybersecurity researcher, Rylen Anil, disclosed a public cloud storage misconfiguration on June 2 that allegedly made about 179,600 result records and 187,300 admit‑card PDFs accessible without authentication.
- IIT Roorkee publicly acknowledged the configuration error, said the data was read‑only, and said it moved to plug the issue after the researcher reported it.
- The institute has not disclosed how long the files remained exposed, whether anyone accessed them, or whether affected candidates will be formally notified.
- The exposed documents reportedly contained names, dates of birth and mobile numbers, which can be harvested for identity theft, phishing and targeted scams even when files cannot be altered.
- The incident follows recent exam‑technology controversies and reinforces calls for stronger procurement rules, security testing, logging and clearer disclosure and notification policies from examination authorities.