KiranaPro Hacked: Servers Wiped Out in Major Breach, Confirms CEO

The founder of the Indian grocery delivery startup KiranaPro told a media outlet that the company had been hacked and all of its data had been erased.

Deepak Ravindran, co-founder and CEO of KiranaPro, told a media source that among the deleted data were the company's app code and its servers that included banks of private client data, such as names, mailing addresses, and payment information.

Established in December 2024, KiranaPro functions as a buyer app on the Open Network for Digital Commerce of the Indian government, enabling users to buy goods from neighbouring supermarkets and local stores.

According to the company, KiranaPro has 55,000 consumers, with 30,000–35,000 active purchasers spread throughout 50 cities, placing 2,000 orders per day.

In contrast to other grocery delivery apps, KiranaPro has a voice-based interface that lets users utilise voice commands in Hindi, Tamil, Malayalam, and English to place orders from nearby stores.

KiranaPro was Planning to Expand to 100 Cities in 100 Days

According to Ravindran, the business had intended to reach 100 cities in the 100 days prior to the tragedy. Executives at KiranaPro learnt of the incident on May 26 while accessing their Amazon Web Services account.

Ravindran told the media that hackers were able to access KiranaPro's root accounts on GitHub and AWS.

A file with a sample of activity logs from around the time of the event and a few screenshots of the GitHub security logs were supplied by Ravindran, indicating that the hack occurred after someone obtained access to their systems using a former employee's account.

 According to Saurav Kumar, chief technology officer at KiranaPro, the attack occurred between May 24 and 25.

KiranaPro Used Google Authenticator

The business claimed to have implemented multi-factor authentication on its AWS account using Google Authenticator.

When they attempted to enter their AWS account last week, Kumar said, the multi-factor code had changed, and all of their Electric Compute Cloud (EC2) services—which provided clients with virtual computers to run their apps—were erased.

He pointed out that the KiranaPro team can only access the system by using their IAM [Identity and Access Management] account, which allows them to see that the EC2 instances are no longer there.

However, because they lack the root account, they are unable to obtain any logs or other information. According to Ravindran, KiranaPro has contacted GitHub's support staff to assist in locating the hacker's IP addresses and any evidence of the incident.

 Ravindran added that the business is bringing legal action against its former workers, claiming that they failed to provide their login information so that they could access their GitHub accounts and view their logs.

The manner of the attack remains unknown. Credential theft, including the installation of malware that steals passwords on an employee's laptop and the absence or non-enforcement of multi-factor authentication, was the source of some of the largest assaults in recent years, including LastPass, Change Healthcare, and Snowflake.