TLDR;
A gas supply utility, Indane, provided an un
-authenticated, non-rate limited API proxy to the authenticated Aadhar API, allowing anyone to make more than a thousand requests a minute to fetch personal information, by just iterating through the Aadhar numbers.