The purpose of this article is to demonstrate how the personal phone number linked to any given Aadhaar can be extrapolated due to problems in implementation of the text-based authentication mechanism which websites offering Aadhaar authentication rely on. Websites which make use of text based (OTP) authentication display to the user only the last four digits of the phone number. This is ostensibly a privacy safeguard put in place by the UIDAI to limit personally identifiable information from being revealed prior to authentication. This flaw in implementation introduces a surface for computer-aided guessing and enumeration attacks which can be abused.”]
Source: https://medium.com/karana/extracting-personal-phone-numbers-linked-to-aadhaar-801d4802c0c8

