CBSE Clarifies Hacking Claim: ‘Compromised’ Portal Was Only a Testing Site, Not the Live Evaluation System

The Central Board of Secondary Education (CBSE) has issued a clarification after a 19-year-old ethical hacker alleged to have hacked the On-Screen Marking (OSM) portal of the Board, sparking concerns about the security of the system being used to mark Class 12 answer sheets. CBSE has said that the portal mentioned in the claim was not the live evaluation platform, but an internal testing platform with only sample data.

What actually happened? 

The controversy came to light when Nisarga Adhikary, a self-taught cybersecurity researcher, claimed to have found several flaws in the OSM platform. His published results showed that the system had security flaws, such as a hardcoded master password that could allow for a standard authentication to be circumvented. He said he had reported these problems to the authorities months ago and that only partial solutions had been put in place.

But CBSE has denied any claims of compromise of its actual evaluation system. The Board clarified in an official statement that the URL mentioned in the social media claims, cbse.onmarks.co.in, was only for testing and review purposes. It said the portal had only sample information and did not have any actual student records, marks or evaluation information.

The Board also stated that the portal used for the actual assessment and processing of answer sheets is not the same portal and was not compromised. CBSE has said that there is no security breach found in the live evaluation platform which was used during the examination process.

Why the issue gained attention 

The issue has attracted a lot of public attention as the OSM system is used to evaluate millions of CBSE examination answer sheets. Any hint of weaknesses in such a system naturally gives rise to concerns among students, parents and educators regarding the integrity of examination processes.

Questions about how a public testing environment could have security flaws were raised by tech bloggers and social media users, which further fueled the discussion. Others said that even test systems should adhere to strict cybersecurity measures, especially when connected to a large-scale public institution.

CBSE reassures Students and Parents.

CBSE has reiterated that the evaluation system of actual answer-sheets is safe and there are ample safeguards to protect the data related to the examination. The On-Screen Marking system was implemented to enhance transparency and efficiency in the assessment process, and remains in use with several security measures, the Board said.

The debate has brought to the fore the need for cyber security in educational technology platforms, but CBSE's clarification suggests that there is no evidence of any compromise of student marks, answer sheets or live evaluation records. The incident is nonetheless a reminder that digital security is being increasingly called into question in public institutions, as the examination and assessment processes become more technology-based.