The UX Lesson Hidden in CBSE's Hacking Scandal

When a 19-year-old hacker exposed how bad UX and system design impacts millions

Pushpanjali, Akshay Kanade, Nishith Gupta, and UXHack

Jun 01, 2026

Mixology is UXHack’s Weekly newsletter covering interesting topics in UX, Products and AI, along with Curated Jobs, Events and useful Resources.

What happens when a 19-year-old hacks your nationwide exam platform? You land a massive PR nightmare.

Ethical hacker Nisarga Adhikary recently exposed severe security vulnerabilities in CBSE’s On-Screen Marking (OSM) portal in a detailed blog post, finding hardcoded passwords and easily bypassed OTPs.

While CBSE rushed to deploy government cybersecurity teams to patch the leaks, as reported by LiveMint, the root cause isn’t just bad code - it’s archaic UX.

CBSE’s internal portals are notoriously painful to navigate. When software is frustrating, training older teachers to evaluate millions of digital exam sheets becomes an uphill battle.

To bypass this usability friction, developers often take lazy shortcuts - like client-side validation - just to make things “work quickly,” compromising security by design.

Ironically, the Indian government already has a cure: UX4G, a unified design system by NeGD and MeitY built to bring consistent, secure, and accessible UI to public digital services. Had CBSE built its systems on top of UX4G, standard security protocols and usability guidelines would have been baked in by default, preventing freshman-level development oversights.

How can we convince slow-moving public institutions to adopt modern design systems like UX4G before an external hack forces their hand?

Sources & Citations:

👉🏻PS: Have an interesting read to recommend to 9900+ readers? You can also recommend your own article/video/case study. Tell us here.

Recommend an Interesting Read