Tatkal Booking Scam: Aadhaar Data of Crores Sold on Telegram

IRCTC’s Tatkal Scheme Abused by Tech-Savvy Scam Network

The Indian Railways’ Tatkal booking system, designed for last-minute travelers, has been hijacked by a tech-driven racket.

Illegal online operators are using bots and Aadhaar-authenticated IDs to capture tickets in bulk—leaving genuine passengers with no options.

- Advertisement -

How the Scam Works

An investigation by India Today’s OSINT team found over 40 Telegram and WhatsApp groups involved in the network. This is only a glimpse of the larger operation. The key methods include:

  • Selling Aadhaar-authenticated IRCTC IDs for as little as ₹360

  • Using bots to auto-fill login, passenger, and payment details

    - Advertisement -
  • Hiding locations through Virtual Private Servers (VPS)

  • Distributing malware-infected bots that also steal user data

    - Advertisement -

Bots like Dragon, JETX, Ocean, Black Turbo, and Formula One are sold through shady websites for prices ranging from ₹999 to ₹5,000.

Railway Ministry Responds

To tackle the issue, the Ministry of Railways has launched several new measures, including:

  • Making Aadhaar-based authentication mandatory for Tatkal bookings from July 1, 2025

  • Banning agents from booking tickets during the first 30 minutes of the Tatkal window

  • Deploying AI-based anti-bot systems on IRCTC platforms

  • Suspending over 2.5 crore fake IRCTC accounts

A government release stated that bots make up nearly 50% of login attempts in the first five minutes of Tatkal openings, effectively blocking real users.

A Threat to User Security

Beyond unfair ticketing, these bots are a major cybersecurity risk. One malware scan revealed that a bot app behaved like a Trojan, capable of stealing user credentials.

This poses serious concerns about data privacy, especially with Aadhaar-linked user IDs being sold openly online.

Latest

More Articles