A researcher has disclosed how he was able to access the personal identifiable information (PII) of potentially 185 million Indian citizens – and create counterfeit driving licenses to boot.

On February 20, student and cybersecurity researcher Robin Justin published a blog post containing the details of vulnerabilities impacting Sarathi Parivahan, the website for India’s Ministry of Road Transport and Highways.