Major Vulnerabilities Identified in India's NTA Portal by Teenage Researcher
security data-breach vulnerability cybersecurity security vulnerability data-breach cybersecurity
trending_upTrend: security

Major Vulnerabilities Identified in India's NTA Portal by Teenage Researcher

calendar_month June 2, 2026

Summary

A 16-year-old cybersecurity researcher has uncovered serious security flaws in India’s National Testing Agency (NTA) portal. These vulnerabilities could grant access to the sensitive data of millions of students, including Aadhaar numbers and exam results.

What happened?

The young researcher, often known online as ‘0xSagar’, identified several weaknesses in the backend system of the NTA portal. The issues found include unprotected directories and weak authentication mechanisms that exposed administrative credentials. Through these gaps, he demonstrated how unauthorized individuals could potentially gain access to the NTA’s entire database.

Why it matters

The NTA is responsible for conducting some of the largest national exams in India, such as NEET and JEE. A data leak of this scale not only endangers student privacy but could also be used for identity theft and the manipulation of academic records. This undermines trust in the national examination system.

Evidence

The researcher shared screenshots and details showing access to administrative dashboards and sensitive data fields without releasing the data itself. Reports from News18 and other tech platforms confirmed the existence of these vulnerabilities after an independent review of the claims.

Analysis

This incident highlights a lacking security culture within critical state digital infrastructures in India. The fact that a teenager using basic security tools could find such gaps suggests that regular security audits and modern web development best practices were not consistently applied.

Practical Takeaways

  • Institutions must conduct regular bug bounty programs and security audits.
  • Sensitive data like Aadhaar numbers must be protected by strong encryption and access controls.
  • The response to reported vulnerabilities should be transparent and timely, rather than an immediate denial.

Open Questions

  • How long have these security vulnerabilities been open?
  • Were these gaps exploited by malicious actors before the researcher reported them?
  • What specific measures will the NTA take to sustainably improve security?

Sources

  1. News18: Data Leak, Admin Access Flaws: NTA Portal Faces Cybersecurity Concerns