When R.S. Sharma, the Telecom Regulatory Authority of India (TRAI) chief, tweeted his Aadhaar number in July and challenged people to use it to harm him, ethical hackers were happy to oblige. Some posted details such as Sharma’s PAN and mobile number on social media; some claimed to have deposited ₹ 1 in his bank account; and others claimed to have placed online orders in his name.

Sharma’s challenge and the response have revived the whole debate over security concerns around Aadhaar, a biometric identification which critics say is an invasion of privacy. Some people took Sharma’s cue and shared their Aadhaar numbers on social media. That’s when the Unique Identification Authority of India (UIDAI), the nodal agency for Aadhaar, stepped in and said sharing the number was against the law. While Sharma was not censured for sharing his Aadhaar number, UIDAI threatened to go after those who placed orders on online marketplaces in his name.

UIDAI said Sharma’s details which hackers claimed to have procured were in the public domain, and its database “was safe”.

Before the storm had blown over, most Android users found a defunct Aadhaar helpline number in their phonebook. Finally, search giant Google owned up: it had inadvertently coded the number into Android phones of Indian users in 2014.

The entire episode has opened a can of worms. Meantime, Sharma says he won the dare, for no “real harm” befell him. But people aren’t entirely convinced yet.

( This article was originally published in the September 2018 issue of the magazine.)

Follow us on Facebook, Twitter, YouTube & Instagram to never miss an update from Fortune India. To buy a copy, visit Amazon.