Latest


Bihar youth arrested for hacking NEET accounts, attempting to divert student refunds

  •   Mon, Jun 15 2026 04:09:28 PM

Daijiworld Media Network - Ahmedabad

Ahmedabad, Jun 15: The Ahmedabad Cyber Crime Branch has arrested a 19-year-old man from Bihar for allegedly breaking into NEET candidates' online accounts and attempting to redirect refund payments to his own bank account by exploiting weak passwords and loopholes in the portal's password recovery system.

The accused, identified as Navinkumar Yadav, a BSc graduate from Bhareti village in Bihar's Gaya district, was apprehended following a joint investigation by the cybercrime unit and the National Testing Agency (NTA).

According to investigators, Yadav allegedly created fake identities using candidates' personal information, illegally obtained NEET application credentials and gained unauthorised access to the NEET UG-2026 portal.

Police said he altered bank account details linked to candidate profiles with the intention of diverting refund amounts that were meant to be credited to students.

A case has been registered under relevant sections of the Bharatiya Nyaya Sanhita (BNS) and the Information Technology Act.

Officials said the breakthrough came after the National Testing Agency's Chief Information Security Officer (CISO) shared digital trail data generated by the portal's security systems. Technical analysis of bank account records and intelligence inputs helped authorities track down the suspect and arrest him in Bihar.

Addressing a press conference, Joint Commissioner of Police (Crime) Sharad Singhal said the fraud surfaced after the government announced refunds of Rs 1,700 to candidates following the cancellation of the previous NEET examination.

He explained that cybercriminals took advantage of weaknesses in the password recovery mechanism.

"Students were required to answer security questions such as their favourite colour and favourite sport while using the 'Forgot Password' option. The accused exploited this system using software-assisted brute-force techniques," Singhal said.

Investigators alleged that Yadav targeted nearly 350 NEET candidates and successfully accessed around 150 accounts because many users had weak passwords.

Officials said he used specialised applications to repeatedly test password combinations, gain access to student accounts and subsequently change the login credentials. After entering the accounts, he allegedly replaced the registered bank account details with his own in an attempt to receive the refund amounts.

Police said more than 150 students have already been identified as victims, though the number could rise as the probe continues.

Authorities have frozen the relevant bank accounts and are tracing the movement of funds. Officials assured that affected students would receive their refunds once the investigation is completed.

The incident has also triggered a major overhaul of the NEET portal's security infrastructure.

Singhal said the National Testing Agency is introducing two-factor authentication to prevent misuse of password recovery systems and strengthen account protection.

NTA Director Akash Jain confirmed that several additional safeguards have already been implemented.

"Two-step authentication, OTP-based verification and Aadhaar-linked verification mechanisms have now been incorporated to enhance security," Jain said.

He added that the refund system was introduced to ensure students received their money quickly after the examination was cancelled and acknowledged that certain vulnerabilities existed during the initial rollout.

"The findings of this investigation have helped us improve and reinforce the security architecture of the portal," he said.

Meanwhile, the Cyber Crime Branch has issued an advisory urging students and parents to create strong passwords that combine uppercase and lowercase letters, numbers and special characters. Authorities also advised candidates to avoid predictable passwords such as names, birth dates, mobile numbers or combinations like "123456".

Officials further warned students not to share passwords, OTPs or account details with anyone and to rely exclusively on official NTA and NEET websites for examination and refund-related activities.

The investigation remains ongoing.
  

Top Stories


Leave a Comment

Title: Bihar youth arrested for hacking NEET accounts, attempting to divert student refunds



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.

You might also like