Bihar teen hacks NEET aspirants' accounts on portal, diverts money in refund scam
A 19-year-old man from Bihar has been arrested in Ahmedabad for allegedly diverting refund amounts meant for around 150 NEET aspirants into his own bank
A 19-year-old man from Bihar has been arrested in Ahmedabad for allegedly diverting refund amounts meant for around 150 NEET aspirants into his own bank account by unlawfully accessing their accounts on the NEET portal, police said. The accused, identified as Naveen Yadav, a resident of Gaya district in Bihar, allegedly exploited security vulnerabilities and weak passwords to gain unauthorised access to the accounts of NEET-UG candidates. According to Ahmedabad Police, he changed the bank account details linked to students' profiles, causing refund amounts of Rs 1,700 per student to be credited to his own account instead. Read Full Story The incident comes amid heightened scrutiny of the NEET examination process amid the controversy over the alleged paper leak, as well as concerns over security vulnerabilities and technical glitches associated with the pre-medical entrance examination.
The case came to light after the Ahmedabad Cyber Crime Branch received a complaint regarding fraudulent refund transactions processed through the NEET-UG portal. Investigators found that an unauthorised individual had accessed student accounts and altered banking details to siphon off the refund money. According to officials, the accused targeted more than 350 students who had registered for the NEET examination and successfully gained access to around 150 accounts. Police said he allegedly used brute-force attacks -- a trial-and-error method used to crack passwords, encryption keys, or PINs -- to break into accounts by exploiting weak credentials and security loopholes in the portal. After gaining access, the accused allegedly replaced the students' registered bank account details with his own.
As a result, refund amounts intended for the candidates were transferred to his account, Joint Commissioner of Police (Crime) Sharad Singhal said. During the investigation, the Cyber Crime Branch sought details from the Testing Agency (NTA) regarding the bank accounts that had received the refund payments. The information helped investigators trace the money trail and identify the accused, leading to his arrest in Bihar, the officer said. Officials said the diverted funds were linked to refunds due to NEET 2026 candidates. Following the breach, the NTA strengthened the security features of the NEET portal, including improvements to its authentication mechanisms. Police noted that the portal previously lacked two-factor authentication, a vulnerability that has since been addressed to prevent similar incidents in the future.
The BriefWire