KiranaPro, a grocery delivery company, has taken a severe hit from a serious cyberattack that put its operations down. The attack, aside from making the app redundant, also led to leaked customer data such as names, addresses, and financial data. KiranaPro's founder, Deepak Ravindran, asserted the incident in a statement to TechCrunch.
Fast Growth Cut Short by Cyber Breach
Launched in December 2024, KiranaPro had picked up momentum for its new voice-based ordering facility in native languages like Hindi, Tamil, Malayalam, and English. It connected customers to their local kirana shops in 50 cities and was processing between 2,000 orders a day. The firm was ready to double its penetration in 100 days when the attack put everything in abeyance.
Hack Discovered Through AWS Lockout
The breach was uncovered on May 26 after the team could no longer access the firm's Amazon Web Services (AWS) account. The hackers were found to have accessed the company's root AWS and GitHub accounts, with ex-employee credentials probably used. All this was happening despite two-factor authentication that the company had configured.
Whole Infrastructure and Data Lost
The attackers erased everything—from the app code to the critical backend infrastructure. All the virtual machines (EC2 instances) that were running the app were destroyed, leaving the team with no backup. KiranaPro is now working with GitHub to identify the attackers and is in the process of preparing legal action against former employees who failed to surrender their access credentials.
Investors include Blume Ventures And PV Sindhu
KiranaPro had strong investor support, such as Olympic medallist PV Sindhu and Blume Ventures. Despite the strong support, it will be tough to bounce back from this level of damage. The company is focusing on damage control, reinstating its infrastructures, and enhancing its security systems to prevent such an incident in the future.
Customer Trust and Future at Stake
While the company is hopeful for a turnaround, it now faces the challenge of restoring customer trust. Customer data is compromised, and the app is offline. The way forward is as much about technical recovery as reputation rebuilding. All growth plans are on the backburner now as the startup deals with the fallout of the breach.
