New Delhi: The Central Board of Secondary Education (CBSE) revaluation portal’s payment system was struck by a “malicious attack”, allowing roughly 50 students to gain unauthorized access and causing wild fee fluctuations, government sources said on Friday, PTI reported.
The breach, linked to the HDFC payment gateway used by the portal, caused erratic fee displays when the system went live after downtime — amounts shown fluctuated wildly, at times listing Re 1 and at others jumping to nearly Rs 67,000–68,000.
“There were some unauthorised attack on the portal. The payment gateway was with respect to HDFC… about 50-odd children had got in,” a government source said. According to officials, the tampering appeared to be deliberate in some cases and mischievous in others, with the amount presented to students changing drastically during the window of vulnerability.
“I think out of fun or out of mala fide intention, I think that one rupee was shown and then Rs 67-68,000. So, there were about 50 children in whose case the amount had changed,” the source added.
The glitch coincided with the portal’s revival after a spell of non-functionality, and authorities traced the problem to the HDFC gateway’s integration. â
I think the portal for quite some time was not functional. There were issues with respect to the amount where 50 children came in, and they manipulated the system,â the source said, describing the sequence that exposed the vulnerability as the system went live.
To widen payment options and shore up resilience, four public sector banks â State Bank of India, Canara Bank, Indian Bank and Bank of Maharashtra â have since been added as alternate payment gateways.
Experts from IIT Madras and IIT Kanpur, alongside the Digital Infrastructure Corporation of India, are currently probing the code and the system to harden the portal and payment gateway integration, a government source said.
âThe teams are examining the code and the system to make it seamless and glitch-free,â the person added, signalling a technical forensic approach to prevent recurrence.
The issue was discussed at the ministerial level on May 24, when Union Education Minister Dharmendra Pradhan held talks with Union Finance Minister Nirmala Sitharaman about the payment and technical problems encountered by students during the CBSE post-result and revaluation processes.
During that discussion, it was agreed that the four PSU banks would assist the Central Board of Secondary Education in strengthening the payment gateway infrastructure and in integrating their systems with the post-exam portal, the education ministry said. âSo, their payment gateway have been synced with that of the portal of the CBSE. I think we had a test run yesterday and we thought that it is working well,â the source said.
Officials also noted infrastructure changes aimed at improving capacity, with the portal shifted to Amazon Web Services to address earlier space constraints. âEarlier there were issues of space. So, eventually we went up to Amazon Web Services (AWS). So, now the system is on AWS,â the source said.