A small Hyderabad company with a troubled past won the contract to grade CBSE's answer sheets. The platform was hacked. The tender rules were rewritten. This is the full story — from zero to everything we know.
A 19-year-old researcher found 9 security holes in the CBSE OSM platform — from hardcoded passwords to a 457K-record payment data leak. Reported to CERT-In in Feb 2026; no fix for 3 months.
How CBSE rewrote tender rules to favour Coempt across three rounds of bidding. Exposed by 17-year-old student Sarthak Sidhant. Reported by India Today and Hindustan Times.
Cashless Consumer's OSINT: vendor QA code left on GitHub, 30+ boards on a shared platform, 77 exposed API endpoints, and the corporate network behind the vendor.
The Chary family's 11 interlocking companies. Prof. S. Sadagopan's advisory role since 2008. How a ₹20 crore company captured India's largest exam system.
CBSE isn't alone. The SSC-Eduquity scandal follows an identical playbook: tenders rewritten, large firms excluded, small vendors win. This is a pattern.
What CBSE, NTA, and the Ministry of Education must disclose. RTI templates and an advocacy framework for journalists, parliamentarians, and citizens.
CERTIn-16590126)QA automation code on GitHub, Selenium tests against the live portal, server-side source, and commit history showing mid-exam rewrites.
View evidence →Full endpoint catalogue from the production Angular bundle. Sequential answer sheet IDs, password changes without old password, unauthenticated photos.
View API surface →SSL certificate logs reveal 30+ institutions on the OnMark platform. A single codebase vulnerability affects every board.
View entities →CERTIn-16590126).