In 2009, Indian officials first pitched the idea for Aadhaar, an online national identification system containing personal and biometric information. It was touted as a “turbocharged version of the Social Security number,” a database that could act as a digital cure for identity fraud and make identity verification an easier and more streamlined process. In the last eight years of its operation, Aadhaar has been both widely expanded to integrate with tons of government and online services, and widely criticized as a privacy risk for Indian nationals if it were to be hacked.

As feared, earlier this month Indian newspaper The Tribune announced that it had successfully breached the controversial national database, exposing data for upward of 1.2 billion Indian nationals. The newspaper reportedly paid a hacker the equivalent of $8 to create a login that would allow reporters at the Tribune to access information for all registered members of the database. A second news outlet, The Quint, found another vulnerability in the system allowing existing administrators to offer any person new administrator credentials to the database.