While it normally takes around 120 seconds to generate a PNR, Ajay Garg’s software was able to generate a number of them extremely fast. The software could bypass IRCTC captcha, bank OTP and form, providing proxy IP addresses and multiple user IDs passwords, PTI reports. All agents needed to do was install the software and key on the username and password, which Garg would change often to ensure payments.

And Garg would track these sold tickets and collect payment from the agents.

He later joined CBI and has now been arrested. But the bigger question is about software vulnerability and how an important system like this can be continuously (rather, daily) hacked without any trace.

(source)