by talonx 2844 days ago
It _is_ a big problem, because apart from the ones you mentioned above, it is unclear how many more vulnerabilities are possible.

Isn't that true for every system?

When a system is shown to have fundamental security flaws — this one uses client-side validation to authenticate biometric operators — it is natural one's trust in the system's robustness would drop low.

Like when Intel's chips were shown to completely disregard security when speculatively executing instructions, it wasn't just a new vulnerability; it was a whole class of vulnerabilities that was now open.

Aadhar is not a client side authentication, what does client side even mean in this context?

Please read TFA: "The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers."

The client here is the enrollment software, not "Aadhar" (whatever you meant by that). The Aadhar service should have been authenticating enrollment operators on the server side, instead of relying on the enrollment software to verify identity (that too via biometrics, which is NOT authentication).
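The design point in the comment above, as an added example that is not part of the original thread and is not the real Aadhaar enrolment protocol: a server that trusts a flag set by the enrolment client, beside one that verifies the operator itself with a one-time challenge. All names, the key registry and the HMAC scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed registry: operator id -> key provisioned by the server.
# Assumption: the key lives in an operator-held token, not in the client software.
OPERATOR_KEYS = {"op-1001": b"constructed-demo-key"}


def accept_trusting_client(request: dict) -> bool:
    """Weak pattern: the server believes whatever the client reports."""
    return request.get("operator_verified") is True


def sign(key: bytes, nonce: bytes, payload: bytes) -> bytes:
    """Proof that binds the operator key to one challenge and one payload."""
    return hmac.new(key, nonce + payload, hashlib.sha256).digest()


class EnrolmentServer:
    """Hardened pattern: the check runs on the server, per request."""

    def __init__(self) -> None:
        self._challenges: dict = {}  # operator id -> outstanding nonce

    def issue_challenge(self, operator_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._challenges[operator_id] = nonce
        return nonce

    def accept(self, request: dict) -> bool:
        operator_id = request.get("operator_id")
        key = OPERATOR_KEYS.get(operator_id)
        # pop() makes each nonce single use, so a captured request cannot be replayed
        nonce = self._challenges.pop(operator_id, None)
        proof = request.get("proof")
        if key is None or nonce is None or not isinstance(proof, bytes):
            return False
        expected = sign(key, nonce, request.get("payload", b""))
        return hmac.compare_digest(expected, proof)


if __name__ == "__main__":
    server = EnrolmentServer()
    # A modified client can set the flag itself, but has no valid proof.
    forged = {"operator_id": "op-1001", "operator_verified": True, "payload": b"record"}
    print("flag-trusting server accepts:", accept_trusting_client(forged))
    print("verifying server accepts:   ", server.accept(forged))
```
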

Then why does the article claim that Aadhar is hacked? Why not just call it "Aadhar enrollment hacked" (which is a more appropriate title)?

While more specific titles are better for descriptive purposes, the title as it is is not wrong. The name "Aadhaar" does not unequivocally mean "The Aadhaar service backend".

Isn't that true for everything around you? Just because your bank is not hacked does not mean it will not be in the future.

This is an attitude a system designer should have: always be on the lookout for vulnerabilities.

If the media starts writing articles on would-be vulnerabilities, then it is just fear mongering.

>> Isn't that true for everything around you? Just because your bank is not hacked does not mean it will not be in the future.

But if my bank is widely reported to be hacked, my trust in it would degrade. And I would probably not trust it with any more of my money. A lot also rides on how the bank responds to this in public.

>> This is an attitude a system designer should have: always be on the lookout for vulnerabilities.

Agree, but that is beside the point here.

>> If the media starts writing articles on would-be vulnerabilities, then it is just fear mongering.

This is something which has occurred, it's not "would be".