Indian grocery startup KiranaPro was hacked and its servers deleted, CEO confirms

Indian grocery supply startup KiranaPro has been hacked and all its knowledge has been wiped, the corporate’s founder confirmed to TechCrunch.

The destroyed knowledge included the corporate’s app code and its servers containing banks of delicate buyer info, together with their names, mailing addresses, and fee particulars, KiranaPro co-founder and CEO Deepak Ravindran advised TechCrunch.

The corporate’s app is on-line however can’t course of orders, TechCrunch has discovered.

Launched in December 2024, KiranaPro operates as a purchaser app on the Indian authorities’s Open Community for Digital Commerce, permitting prospects to buy groceries from their native retailers and close by supermarkets.

KiranaPro has 55,000 prospects, with 30,000-35,000 lively consumers throughout 50 cities, who collectively place 2,000 orders each day, in line with the corporate. In contrast to a typical grocery supply app, KiranaPro presents a voice-based interface that permits customers to put orders from native retailers utilizing voice instructions in languages akin to Hindi, Tamil, Malayalam, and English.

The startup deliberate to broaden to 100 cities within the subsequent 100 days earlier than the incident occurred, Ravindran stated.

On Might 26, KiranaPro executives turned conscious of the incident whereas logging into their Amazon Net Companies account. Hackers gained entry to KiranaPro’s root accounts on AWS and GitHub, Ravindran advised TechCrunch.

Ravindran shared a few screenshots of the GitHub safety logs and a file containing a pattern of exercise logs across the time of the incident, suggesting that the hacking occurred after somebody gained entry to their programs by way of a former worker’s account.

KiranaPro’s chief expertise officer Saurav Kumar advised TechCrunch that the hack occurred round Might 24-25.

The startup stated it used Google Authenticator for multi-factor authentication on its AWS account. Kumar advised TechCrunch that the multi-factor code had modified after they tried to log into their AWS account final week, and all their Electrical Compute Cloud (EC2) providers, which let shoppers entry digital computer systems to run their functions, had been deleted.

“We will solely log in via the IAM [Identity and Access Management] account, via which we are able to see that the EC2 situations don’t exist anymore, however we aren’t capable of get any logs or something as a result of we don’t have the foundation account,” he stated.

KiranaPro has reached out to GitHub’s assist staff to assist determine the hacker’s IP addresses and different traces of the incident, stated Ravindran.

Equally, Ravindran advised TechCrunch that the startup is submitting instances in opposition to its former workers, who he stated had not submitted their credentials for accessing their GitHub accounts to examine their logs.

It’s unclear how the assault occurred. Among the largest cyberattacks lately, akin to LastPass, Change Healthcare, and Snowflake, had been attributable to credential theft, akin to via password-stealing malware put in on an worker’s laptop computer, and lacking or unenforced multi-factor authentication.

The businesses had been finally chargeable for implementing the safety of their very own programs, together with whether or not their workers should use multi-factor authentication, and terminating accounts of former workers who not work at their firm.

KiranaPro counts Blume Ventures, Unpopular Ventures, and Turbostart amongst its institutional enterprise backers, in addition to Olympic medalist PV Sindhu and BCG MD Vikas Taneja amongst its angel buyers. The corporate has a staff of 15 workers positioned in Bengaluru and Kerala.