A data leak on a utility company website made details of every Aadhaar holder available

In March 2018, a security researcher discovered that the state-owned utility company Indane had access to the Aadhaar database via an API, but they did not secure this way of entry. As a result, anybody was able to use this service to access details on the Aadhaar database about any Aadhaar number including an individual's name, and details of the bank accounts they had. This breach meant that it would be possible for someone to cycle through the trillions of possible Aadhaar numbers, effectively downloading the contents of the entire Aadhaar database.

https://www.zdnet.com/article/another-data-leak-hits-india-aadhaar-biometric-database/
Publication: ZDNet
Reporters:  Zack Whittaker
Date: 23 March 2018