News

Indian Food Store App KiranaPro Hit By Major Cyberattack, User Information Wiped

Systems of KiranaPro were compromised using credentials, exposing customer banking information and wiping its app blank, as the company confirmed to TechCrunch

KiranaPro struck by massive cyberattack
info_icon

KiranaPro, a grocery delivery company, has taken a severe hit from a serious cyberattack that put its operations down. The attack, aside from making the app redundant, also led to leaked customer data such as names, addresses, and financial data. KiranaPro's founder, Deepak Ravindran, asserted the incident in a statement to TechCrunch.

Fast Growth Cut Short by Cyber Breach

Launched in December 2024, KiranaPro had picked up momentum for its new voice-based ordering facility in native languages like Hindi, Tamil, Malayalam, and English. It connected customers to their local kirana shops in 50 cities and was processing between 2,000 orders a day. The firm was ready to double its penetration in 100 days when the attack put everything in abeyance.

Advertisement

Hack Discovered Through AWS Lockout

The breach was uncovered on May 26 after the team could no longer access the firm's Amazon Web Services (AWS) account. The hackers were found to have accessed the company's root AWS and GitHub accounts, with ex-employee credentials probably used. All this was happening despite two-factor authentication that the company had configured.

Whole Infrastructure and Data Lost

The attackers erased everything—from the app code to the critical backend infrastructure. All the virtual machines (EC2 instances) that were running the app were destroyed, leaving the team with no backup. KiranaPro is now working with GitHub to identify the attackers and is in the process of preparing legal action against former employees who failed to surrender their access credentials.

Advertisement

Investors include Blume Ventures And PV Sindhu

KiranaPro had strong investor support, such as Olympic medallist PV Sindhu and Blume Ventures. Despite the strong support, it will be tough to bounce back from this level of damage. The company is focusing on damage control, reinstating its infrastructures, and enhancing its security systems to prevent such an incident in the future.

Customer Trust and Future at Stake

While the company is hopeful for a turnaround, it now faces the challenge of restoring customer trust. Customer data is compromised, and the app is offline. The way forward is as much about technical recovery as reputation rebuilding. All growth plans are on the backburner now as the startup deals with the fallout of the breach.

Advertisement

CLOSE