Teen hacker claims CBSE exam papers, answer sheets leaked online
What's the story
A 19-year-old ethical hacker, Nisarga Adhikary, has alleged that scanned answer sheets and question papers of the Central Board of Secondary Education (CBSE) were publicly accessible online. In a post on X (formerly Twitter), Adhikary claimed that an Amazon Web Services (AWS) bucket containing these documents could be accessed without authentication. "CBSE people didn't configure their AWS bucket properly and now...anyone on the internet can download any scanned booklet — across institutions," he wrote.
Breach impact
Congress leader Ramesh amplifies concerns
Adhikary's allegations have raised concerns about a major data breach affecting the privacy of two million CBSE Grade 12 students. Congress leader Jairam Ramesh amplified these concerns by sharing Adhikary's post on X. "In today's developments on Mantri Pradhan's Ministry of Scandals, the answer sheets of 2 million CBSE Grade 12 students have been shown to be available in the public domain," Ramesh wrote.
Official statement
CBSE responds to allegations
The CBSE has responded to these allegations, saying that the URL mentioned in social media posts was not used for actual evaluation work. "At the outset, it is clarified that the Portal used for evaluation of answer-books bore a different URL, which has neither been compromised nor does it have the vulnerabilities indicated in the said social media post," CBSE said in a statement on X.
Security assurance
No data held on portal: CBSE
The board further clarified that the website identified by Adhikary was only a testing platform with sample data. "There are no actual evaluation data, marks, or other data held on that portal. The Board emphasizes that no security breaches have come to light on the Portal deployed for the actual evaluation work," the statement added.
Security vulnerabilities
Adhikary previously reported vulnerabilities in CBSE's OSM portal
Adhikary had earlier claimed to have discovered several vulnerabilities in CBSE's On-Screen Marking (OSM) portal. In a blog post titled "Exposing Critical Vulnerabilities in CBSE's On-Screen Marking Portal," he said he discovered the issues on February 25 and reported them to CERT-In before making them public. "I was able to log in as an examiner and reach the evaluation dashboard, where I could view and edit marks," Adhikary wrote in the blog.