Mumbai man says FASTag was hijacked mid-transit, flags ‘masssive loophole’ in viral post
A Mumbai resident has alleged a serious loophole in the FASTag system after his existing tag was reportedly deactivated and replaced with another allegedly activated by a transporter’s driver during vehicle transit from Mumbai to Delhi.
A Mumbai man has alleged a major security flaw in the FASTag system after his existing FASTag was allegedly deactivated and replaced with a new one without his consent while his car was being transported from Mumbai to Delhi.
The allegation was made by X user Rushil, whose post has now gone viral on social media. In the post, he claimed that a transporter’s driver was allegedly able to activate another FASTag linked to his vehicle using a different mobile number and personal details, without any approval from the registered owner.
“FASTag has a MASSIVE security loophole & nobody is talking about it,” Rushil wrote on X.
Vehicle Was Being Transported From Mumbai To Delhi
According to Rushil, the incident took place while his vehicle was in transit between Mumbai and Delhi through a transporter service.
He claimed that before taking the car for transport, the driver casually asked him whether there was enough balance in the FASTag account. However, the following morning, he allegedly received a message from ICICI Bank stating that a new FASTag had been activated for the vehicle.
Rushil said the message further informed him that his existing FASTag would be deactivated under the “One Vehicle One FASTag” policy.
“Within minutes, it was blacklisted/deactivated,” he wrote.
‘No Owner Authorization, No Consent’
In his viral post, Rushil alleged that the new FASTag was activated without any OTP verification or approval from the registered vehicle owner.
“No OTP. No owner authorization. No consent from the actual vehicle owner,” he wrote.
He further claimed that after contacting customer support several times, he discovered that the newly activated FASTag had allegedly been issued through Airtel Payments Bank.
Rushil later checked the Airtel Thanks application and claimed that the FASTag appeared to have been registered using the transporter driver’s details.
‘Vehicle Owner Has Zero Control’
The Mumbai resident also alleged that despite being the owner of the vehicle, he was unable to get the FASTag deactivated.
According to him, customer support informed him that only the individual who activated the FASTag could request its closure.
“The actual vehicle owner has ZERO control over the FASTag - but the person who fraudulently activated it does,” he wrote.
Rushil also criticised the National Highways Authority of India (NHAI) helpline, alleging that there was no emergency blocking system or fraud-resolution mechanism available for such situations.
“No owner protection mechanism,” he wrote.
Calls For OTP-Based Verification
Describing the incident as a “massive security vulnerability”, Rushil urged the National Payments Corporation of India (NPCI) and FASTag authorities to introduce mandatory OTP verification before any changes related to FASTag accounts are approved.
“At the very least, mandate OTP verification from the registered vehicle owner before ANY FASTag change is approved,” he wrote.
He further criticised the support system linked to the service.
“Pathetic support, zero accountability, and absolutely no protection for the actual vehicle owner while someone else fraudulently took control of the FASTag,” Rushil added.
ICICI Bank And Airtel Payments Bank Respond
Following the viral post, both ICICI Bank and Airtel Payments Bank responded publicly on X and said the matter was being looked into.
Responding to the complaint, ICICI Bank wrote, “Hi, we are concerned to know about this. Request you to DM your contact details. We will connect with you at the earliest to help resolve your concern. For your safety, please remember ICICI Bank will never ask for your password, PAN, Aadhaar, bank details, or OTP through calls, SMS, email, WhatsApp, or social media. Kindly do not share such details publicly or privately.”
Airtel Payments Bank also reacted to the allegations and assured the user that the issue would be investigated on priority.
“Hi, we never intended such an experience for you. We apologize for the inconvenience. To investigate further, request you to share your contact details along with your vehicle number via DM. Please be assured that we will resolve your concerns on priority,” the company wrote.
The incident has sparked discussion online around FASTag security protocols and whether additional owner verification measures are needed to prevent unauthorised changes to vehicle-linked accounts.
About the Author
Anjali Thakur is a Senior Assistant Editor with Mint, reporting on trending news, entertainment and health, with a focus on stories driving digital conversations. Her work involves spotting early signals across news cycles and social media, sharpening stories for SEO and Google Discover, and mentoring young editors in digital-first newsroom practices. She is known for turning fast-moving developments—whether news-driven or culture-led—into clear, tightly edited journalism without compromising editorial rigour.<br><br> Before joining Mint, she was Deputy News Editor at NDTV.com, where she led the Trending section and covered viral news, breaking developments and human-interest stories. She has also worked as Chief Sub-Editor at India.com (Zee Media) and as Senior Correspondent with Exchange4media and Hindustan Times’ HT City, reporting on media, advertising, entertainment, health, lifestyle and popular culture.<br><br> Anjali holds a Bachelor of Arts degree from Miranda House, and is currently pursuing an MBA, strengthening her understanding of business strategy and digital media economics. Her writing balances newsroom discipline with a clear instinct for what resonates with readers.
Wait for it…
Oops! Looks like you have exceeded the limit to bookmark the image. Remove some to bookmark this image.