In one of its biggest anti-fraud actions, Indian Railways has deactivated around 30.3 million suspicious IRCTC user IDs in 2025 to curb manipulation in online ticket bookings. The ministry also blocked 12,819 suspicious email domains and stopped 60.43 billion malicious bot requests between July and December 2025, aiming to dismantle automated Tatkal hoarding networks and restore fair access for genuine passengers.
According to the Railways, a large-scale re-verification of user accounts was carried out on the e-ticketing platform. The exercise identified accounts created in bulk by single operators and those used through automated scripts to book tickets within seconds. These accounts were systematically deactivated to prevent their misuse.
Official data indicates the scale of bot activity was massive. In October 2025, 17 billion of 24.04 billion requests were bots; in November, 14.03 billion of 20.07 billion were automated; and in December, 7.25 billion of 14.28 billion fell into the same category. In total, 60.43 billion bot attempts were blocked over six months. Railways believes these bots were feeding tickets directly into agent networks, making it difficult for ordinary users to secure Tatkal bookings.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Aadhaar-OTP becomes key safeguard
An Aadhaar-based OTP verification has been introduced, particularly for Tatkal bookings, enforcing a “one person–one account” rule. Automated scripts cannot bypass Aadhaar authentication, making the creation of multiple fake IDs significantly harder. Officials describe this as the most effective safeguard in time-sensitive Tatkal transactions.
Email blocks and real-time cyber surveillance
Bulk email domains linked to suspicious activity have been blocked. Internet traffic related to ticketing is under continuous monitoring by CERT-In and the National Critical Information Infrastructure Protection Centre, along with periodic security audits to detect emerging cyber threats.
Cyber complaints flagged organised misuse
On the National Cyber Crime Portal, 399,000 suspicious booking instances and 376 formal complaints were recorded, pointing to organised manipulation. These inputs helped authorities identify and disable several fraudulent accounts.
Expected benefits for passengers
Railways claims the clean-up will:
- reduce Tatkal hoarding,
- improve website and app speed,
- increase the chances of confirmed tickets for genuine users, and
- curb agent-driven black marketing.
Experts say sustained Aadhaar verification and real-time bot filtering could also reduce peak-hour server crashes and improve transparency in ticket allocation.
Advisory for users
Passengers have been advised to:
- avoid creating multiple accounts,
- not use fake email IDs or mobile numbers,
- never share login credentials with agents, and
- keep Aadhaar verification updated.
Accounts found violating norms may be deactivated.
The Railways is now preparing to deploy additional anti-bot tools and behaviour-based analytics to ensure that the “first come, first served” principle in Tatkal bookings works in practice and public trust in the e-ticketing system is restored.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
