An ethical hacker has claimed that he highlighted critical security flaws in the Central Board of Secondary Education (CBSE) website to the government but received no response. The vulnerabilities, if exploited, could potentially compromise sensitive data of millions of students.
Hacker's Discovery
The ethical hacker, who chose to remain anonymous, discovered multiple loopholes in the CBSE portal. These included weaknesses in authentication mechanisms and data encryption. He reported the issues through the government's designated cybersecurity channels, expecting prompt action.
Lack of Response
Despite submitting detailed reports, the hacker received no acknowledgment or follow-up from the authorities. He expressed concern over the apparent negligence, stating that such vulnerabilities could be exploited by malicious actors to access student records, exam results, and other confidential information.
Implications for Student Data
CBSE maintains a vast database of student information, including personal details, academic records, and exam scores. A breach could lead to identity theft, unauthorized grade changes, or misuse of data. The hacker emphasized that the flaws were not trivial and required immediate remediation.
Government's Stance
When contacted, government officials declined to comment on the specific allegations. However, they reiterated that cybersecurity is a top priority and that all reported vulnerabilities are addressed through proper channels. Critics argue that the lack of response indicates systemic issues in handling security reports.
Need for Better Cybersecurity
This incident highlights the growing need for robust cybersecurity measures in educational institutions. Experts recommend that organizations like CBSE establish clear protocols for reporting and fixing vulnerabilities. They also stress the importance of regular security audits and responsible disclosure practices.
The ethical hacker's experience serves as a cautionary tale, urging the government to take cybersecurity threats more seriously. With increasing digitization of educational services, protecting student data has become paramount.
