The ICAI Portal “Hack”: Ethical Intention or Malicious Act? CA. Parag Gupta and hacker, Mihir Shishulkar clarify the Controversy
The ICAI student’s body was also panicked out over the results of the CA Final Exams being released only one day from now. Not only that but allegations concerning data breaches also began circulating on various social media sites, resulting in panic and anxiety for many students waiting for their CA Final results. In an effort to get to the bottom of this, CA Parag Gupta, who is a very well known Costing faculty member, conducted an exclusive video conversation with a man named Mihir, (watch the full discussion here) who was at the heart of this controversy. The Initial Claim and the Atmosphere of Panic Around this time, Mihir came forward with information on serious security flaws at the ICAI’s examination site and informed the ICAI about them. After disclosing these issues, the conversation turned negative very quickly. On the dark web, Mihir’s name was reportedly misused and manipulated to suggest that he hacked into the ICAI’s exam site to manipulate students’ results when in actually he acted ethically in reporting the issues. CA Parag Gupta opened the discussion by emphasizing the seriousness of the matter. He clarified that his primary goal was to address the panic among students and that he had no way to independently verify the technical details of the claims . “I am not very proficient in ethical hacking… my purpose was only to talk to Mehur ji to bring students out of a panic situation,” he stated . He acknowledged that while he was giving Mihir the benefit of the doubt, if any malicious intent was proven, the law would take its course. Mihir’s Defense: An Ethical Disclosure Mihir presented his side of the story, maintaining that his actions were strictly for ethical reasons. The individual also claimed he found the weaknesses at 5:56 pm on June 12th 2026 and reported them to ICAI by 6:00pm, one hour later. He walked CA Parag Gupta through the alleged flaws, which he said included: Mihir emphasized that he did not modify any data and that the students’ answer sheets and marks were safe. “I have not leaked any data… your data is not modified,” he assured the students . He also showed screenshots from outside the database tables as proof of his access, stating he had over 200,000 records available . The Core Concern: Is the Data Safe? The most crucial question for students remains: Is their data compromised? Online reports suggest that the situation is likely a rumor. TCS, which maintains the data for ICAI, has reportedly confirmed that no data has been compromised . A chartered accountant, Dr. Rohit Ruwatia Agarwal, shared on social media that TCS had confirmed to him that there was “no substance” to the rumors of a data leak . Mihir’s own claims support this. He repeatedly stated that his access was for reporting vulnerabilities and that he did not steal or modify any data. CA Parag Gupta’s Final Appeal to Students After the interaction, CA Parag Gupta made a heartfelt appeal to the students. He emphasized the importance of not falling prey to panic, especially with results around the corner. He advised students to: Conclusion According to the video, the vulnerability that was found by the individual is now getting their chance to be heard (represented) as an impartial mediator, CA Parag Gupta, calms the worried students. While it is felt that the ICAI and other cybersecurity professionals have the true technical details of the situation, from Mihir’s account there is no reason to believe that his actions that disclosed this vulnerability were not ethically motivated nor that the student’s data had been compromised. Students are asked to remain calm, patient as they await the results and rely upon the official communication from the Institute of Chartered Accountants of India.







