Indian Grocery Startup KiranaPro Hacked, Servers and Customer Data Deleted, CEO Confirms
Indian grocery delivery startup KiranaPro has suffered a devastating cyberattack, resulting in the complete deletion of its servers and sensitive customer data, CEO Deepak Ravindran confirmed to TechCrunch.
The breach, discovered on May 26, 2024, led to the loss of critical app code and servers containing a wealth of customer information, including names, mailing addresses, and payment details. The company’s app remains online but is unable to process orders currently.
Launched in December 2024, KiranaPro operated on the Indian government’s Open Network for Digital Commerce (ONDC), enabling customers to purchase groceries from local shops via a voice-based interface supporting languages like Hindi, Tamil, Malayalam, and English. The startup served 55,000 customers, with 30,000-35,000 active buyers across 50 cities, processing approximately 2,000 orders daily.
“We can only log in through the IAM [Identity and Access Management] account, through which we can see that the EC2 instances don’t exist anymore, but we are not able to get any logs or anything because we don’t have the root account,” CTO Saurav Kumar told TechCrunch.
According to Ravindran, hackers gained unauthorized access to KiranaPro’s root accounts on Amazon Web Services (AWS) and GitHub, potentially through a former employee’s account. Screenshots of GitHub security logs suggest unauthorized activity around the time of the incident. The company’s CTO, Saurav Kumar, pinpointed the hack to around May 24-25, 2024.
KiranaPro utilized Google Authenticator for multi-factor authentication on its AWS account. However, upon attempting to log in last week, executives found that the multi-factor code had been altered, and all Electric Compute Cloud (EC2) services had been deleted.
The company planned expansion to 100 cities in the coming months before the incident. Now, KiranaPro has reached out to GitHub’s support team for assistance in identifying the hacker’s IP addresses and tracing the incident. Legal action is also being pursued against former employees who have not provided credentials for accessing their GitHub accounts.
The incident highlights the critical importance of robust cybersecurity measures, including enforced multi-factor authentication and the timely termination of access for former employees. This breach is a stark reminder of other recent cyberattacks like LastPass, Change Healthcare, and Snowflake.
KiranaPro’s investors include Blume Ventures, Unpopular Ventures, Turbostart, PV Sindhu, and Vikas Taneja. The company employs 15 people across Bengaluru and Kerala.
