Vulnerability could have been exploited easily to unauthorisedly access sensitive documents uploaded by targeted users’ on the Government-operated platform. With over 38 million registered users, Digilocker is a cloud-based repository that acts as a digital platform to facilitate online processing of documents and speedier delivery of various government-to-citizen services. The vulnerability was reported to CERT-In on May 10 by Mohesh Mohan and to DigiLocker on 16th May by Ashish Gahlot.
Source: https://thehackernews.com/2020/06/aadhar-digilocker-hacked.html