Indian Railways Blocks 60.43 Billion Bot Attacks, Deactivates 3.03 Crore Suspicious IDs in 2025

India’s railway e-ticketing system has recorded a major cybersecurity achievement in 2025, with 3.03 crore suspicious user IDs deactivated and 60.43 billion malicious bot requests blocked over the last six months of the year. The details were shared in the Rajya Sabha by Railway Minister Ashwini Vaishnaw.

The Minister said the Indian Railways reservation platform is a robust and highly secure IT system equipped with industry-standard, state-of-the-art cybersecurity controls designed to ensure seamless booking for genuine passengers, especially during Tatkal reservations.

Aadhaar-Based Authentication for Tatkal Booking

To curb misuse and ensure fairness in Tatkal ticket booking, Indian Railways has introduced Aadhaar-based One-Time Password (OTP) authentication. This step ensures instant verification of user identity and prevents the creation of fake or multiple agent-controlled accounts.

By enforcing uniqueness through Aadhaar authentication, the system has significantly reduced automated misuse and improved ticket availability for genuine passengers. The move has enhanced transparency and fairness in time-sensitive Tatkal bookings.

Multi-Layer Application Security

Several application-level security controls have been implemented to prevent hacking tools and automated scripts from exploiting the system. These include:

• Multi-level CAPTCHA mechanisms
• Protection against brute-force attacks
• Safeguards against Distributed Denial of Service (DDoS) attacks
• OWASP-based vulnerability management

Indian Railways has also deployed enterprise-grade anti-bot solutions and a Content Delivery Network (CDN) to reduce traffic load and filter out non-genuine users. Advanced anti-bot tools such as AKAMAI help detect and block suspicious traffic in real time, ensuring smooth access for legitimate users.

Network & Infrastructure Protection

The entire ICT infrastructure operates in high-availability mode to minimize disruptions. The system is protected by multiple security layers, including:

• Network firewalls
• Intrusion prevention systems
• Application delivery controllers
• Web application firewalls

To counter volume-based DDoS attacks, the system is supported by multiple Internet Service Providers with an aggregated mitigation capacity of nearly 30 Gbps.

Additionally, RailTel has been engaged for deep-dark web monitoring, digital risk protection, and enhanced incident response mechanisms.

Physical & Audit Safeguards

The e-ticketing system is hosted at a secure captive data centre in Chanakyapuri, New Delhi, equipped with CCTV surveillance and restricted access. The facility is ISO 27001 (ISMS) certified.

The platform is integrated with CERT-In’s Threat & Situational Awareness Projects (TSAP) for 24×7 monitoring. It is also linked with CERT-In’s “Madhu-Sanjal” honeypot system to study attacker behaviour and strengthen defenses.

Regular audits are conducted by CERT-In empanelled agencies, while traffic monitoring is continuously undertaken by CERT-In and the National Critical Information Infrastructure Protection Centre (NCIIPC).

Anti-Fraud Administrative Measures

In 2025, strict administrative actions were taken to safeguard the system:

Malicious Bot Traffic Blocked (July–December 2025)

Indian Railways blocked massive bot traffic attempting to access the e-ticketing system:

Over these six months, a total of 60.43 billion bot requests were filtered and denied access, protecting the integrity of the system.

The government emphasized that these layered cybersecurity, authentication, and administrative measures have strengthened the reservation system against fraud and cyber threats, ensuring a transparent, secure, and efficient booking experience for genuine railway passengers.