According to cofounder and CEO Deepak Ravindran, hackers destroyed key data, including the company's app source code and vital user information stored on its servers. While the KiranaPro app is still accessible, it is currently not processing any orders.
Attack Discovered Through AWS Login
The breach was first noticed on May 26, when company executives logged into their Amazon Web Services (AWS) account and saw that root-level access had been taken over by hackers. The attackers also gained control of the startup’s GitHub account, which holds code and development tools.
KiranaPro’s CTO Saurav Kumar revealed that the attack likely happened between May 24 and 25, and was traced back to the account of a former employee. Despite having multi-factor authentication (MFA) enabled via Google Authenticator, the security code had reportedly changed by the time executives tried to log in last week.
EC2 Services Wiped Out
When the team managed to log in through a backup IAM (identity and access management) account, they discovered that all Elastic Compute Cloud (EC2) services — which run KiranaPro's core applications — had been deleted. Without root access, they couldn’t retrieve any logs or data about the breach.
Ongoing Investigation and Legal Action
KiranaPro has reached out to GitHub’s support to track down the hacker’s IP addresses. CEO Ravindran also said the company is planning to take legal action against former employees who did not return their GitHub credentials.
So far, the exact method of the cyberattack remains unclear.
About KiranaPro
Founded in 2024 by Deepak Ravindran and Deepankar Sarkar, KiranaPro is a quick commerce platform that connects customers with nearby kirana stores for fast grocery delivery — often within 10 to 20 minutes. The platform operates through India’s ONDC network and uses a voice-based AI model to simplify orders.
The company has raised over $188,000 in funding from investors like TurboStart, Unpopular Ventures, Blume Ventures, and Snow Leopard Ventures. Earlier this year, it had ambitious plans to onboard 100 million users and 1 million kirana stores.
Current Status
As of now, KiranaPro is trying to restore its systems and resume operations. The breach has raised serious concerns about data security and access management, especially in fast-growing startups.
Tags:
Cyber News
