CBSE’s Portal Stood Firm: What Happened When 1.5 Million Hits Struck in Two Minutes

There is a particular kind of cruelty in what unfolded on the morning of June 2nd. Thousands of students across the country — many of them having waited weeks for this window — sat down to file their re-evaluation and verification requests through CBSE’s portal. Some were chasing a few extra marks. Others had college admissions hanging on the result. And right at that same moment, unknown actors were doing everything in their power to make sure the portal would not work. They failed. But it was not a quiet morning by any measure.

What the Attackers Tried

CBSE shared the details openly, posting an update on X that laid out the scale of what happened. The platform was hit with a denial-of-service attack that sent close to 1.5 million hits to the server in just under two minutes. To put that in perspective — a typical traffic spike from exam season, even a heavy one, does not look anything like that. This was a coordinated, deliberate attempt to flood the system until it buckled.

And that was only one part of the assault. Alongside the denial-of-service barrage, the board’s systems recorded over one lakh attempts to access files without authorisation. So whoever was behind this was not merely trying to knock the portal offline. They were also testing whether they could get inside it.

The board put it plainly in its statement: “Malicious actors attempted to disrupt services through a barrage of cyberattacks.” No spin, no softening. Just a direct acknowledgement of what was happening while students were trying to apply.

The Portal Did Not Go Down

For all the noise and aggression from outside, the portal kept running. It opened at 7 in the morning, and it stayed open. By three in the afternoon, more than 18,000 students had already submitted their applications successfully. At the peak of the day, the system was handling upwards of 8,000 users at the same time, all while the technical team was actively monitoring and responding to the attack traffic.

This is worth pausing on. Anyone who has used a government exam portal on a high-traffic day knows how fragile things can feel. Pages stall, sessions time out, the wheel just keeps spinning. Now layer a deliberate cyberattack on top of that normal pressure, and you have a recipe for a complete failure. The fact that it held together is not a small thing.

CBSE’s technical teams were watching the platform the entire day and stepping in wherever needed. That kind of continuous monitoring is what kept things functional, and the board deserves credit for being prepared rather than reactive.

Improvements Students Will Actually Notice

Beyond surviving the day, the board came in with a couple of changes that reflect real feedback from students rather than just policy decisions made in a meeting room.

Aadhaar-based verification is now required at login. Some students may find the extra step mildly inconvenient, but it does something important: it ensures that only the person actually filing the request can do so. That closes a gap that has existed in previous cycles, where the door was a little more open to fraudulent submissions.

The other change is quieter but genuinely useful. Session time limits have been extended. If you have ever been halfway through filling out a form only to find that the portal logged you out and wiped your progress, you know exactly why this matters. CBSE heard that frustration from students and did something about it. That is not always guaranteed with government systems, and it is worth acknowledging.

Why This Goes Beyond One Portal

Attacks on education portals are no longer surprising, but the timing here was pointed. They chose the first day of the application window, when traffic would be highest and the pressure on the system most intense. The message in the timing is hard to miss.

CBSE’s digital infrastructure is not just a convenience. For lakhs of students every year, it is the gateway to re-evaluations, mark verifications, and document requests that feed directly into college applications and scholarship processes. A successful attack at the right moment could delay those outcomes by days or weeks — long enough to cost someone an admission they deserved.

Day one held. The applications went through, the students were served, and the people who tried to disrupt it came away with nothing. Whether the pressure continues through the rest of the window is something the board’s teams will have to stay on top of. But for now, the outcome is the right one.