KiranaPro Data Breach: Attackers Erase All Server Information

Indian grocery delivery startup KiranaPro has fallen victim to a devastating cyberattack that completely wiped its servers and destroyed critical company data, including sensitive customer information.

The security breach has left the company’s app unable to process orders, dealing a severe blow to the six-month-old startup’s operations.

KiranaPro co-founder and CEO Deepak Ravindran confirmed to TechCrunch that hackers successfully gained access to the company’s root accounts on both Amazon Web Services (AWS) and GitHub, resulting in the complete destruction of essential business data.

The compromised information included the company’s app source code and servers containing sensitive customer details such as names, mailing addresses, and payment information.

The attack has crippled KiranaPro’s operations, with the company’s app remaining online but unable to process any customer orders.

This represents a significant disruption for a platform that serves 55,000 customers, including 30,000-35,000 active buyers across 50 cities who collectively place approximately 2,000 orders daily.

Launched in December 2024, KiranaPro operates as a buyer application on India’s Open Network for Digital Commerce, offering a unique voice-based interface that allows customers to place grocery orders from local shops using voice commands in multiple languages including Hindi, Tamil, Malayalam, and English.

The startup had ambitious expansion plans to reach 100 cities within the next 100 days before the cyberattack occurred.

KiranaPro Data Breach

Company executives discovered the breach on May 26 while attempting to log into their AWS account, though Chief Technology Officer Saurav Kumar indicated the actual attack occurred around May 24-25.

Screenshots of GitHub security logs and activity files shared by Ravindran suggest the hackers gained entry through a former employee’s account credentials.

Despite implementing Google Authenticator for multi-factor authentication on their AWS account, the attackers successfully compromised the system.

Kumar explained that when the team tried accessing their AWS account, they found the multi-factor authentication code had changed, and all Electric Compute Cloud (EC2) services had been deleted.

“We can only log in through the IAM [Identity and Access Management] account, through which we can see that the EC2 instances don’t exist anymore, but we are not able to get any logs or anything because we don’t have the root account,” Kumar stated.

Grocery Platform’s Expansion

According to Report, the incident highlights ongoing cybersecurity challenges facing startups, particularly regarding credential management and employee access controls.

The attack method remains unclear, though similar high-profile breaches at companies like LastPass, Change Healthcare, and Snowflake have been attributed to credential theft through password-stealing malware and inadequate multi-factor authentication enforcement.

Additionally, Ravindran announced plans to file legal cases against former employees who allegedly failed to surrender their system access credentials.

The Bengaluru and Kerala-based company, which employs 15 people, counts notable investors including Blume Ventures, Unpopular Ventures, Turbostart, Olympic medalist PV Sindhu, and BCG MD Vikas Taneja among its backers.

The attack represents a significant setback for the innovative voice-based grocery delivery platform’s growth trajectory.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates

The post KiranaPro Data Breach: Attackers Erase All Server Information appeared first on Cyber Security News.