Caralisa Monterio tweeted the screenshot of an Aadhaar authentication OTP she received without requesting for it.
— Caralisa Monteiro (@runcaralisarun) January 20, 2018
She says this is not her Aadhaar number. And the mobile number is a work number used by several people in her office. I contacted Caralisa privately to ask for more information. The number on which the OTP was received is one she has owned for 17-18 years and is used by her studio for work purposes and bookings and such. She says there is no chance someone took it to register an Aadhaar with it.
So this rules out the possibility that an old number linked with an Aadhaar was deactivated and reissued to her, as her possession of the mobile number predates Aadhaar.
This, of course leaves out a hundred other possibilities, ranging from someone filling that number in their Aadhaar application form deliberately to an operator error in entering the phone number while registering or updating an Aadhaar for someone else.
Issued in public interest: While it is a good idea to expose such OTPs being sent, if the scammer knows that it is your Aadhaar number they are trying to steal, they may see the valid OTP on your social media timeline and use it to validate the Aadhaar. Therefore, it is a good idea to either blur the OTP or tweet the screenshot after the 30 minutes of validity are over.
There have been other instances of Aadhaar notifications being sent to wrong numbers. For example, Tarak Banerjee got a notification of a successful Aadhaar authentication – but the Aadhaar number was not his.