Bengaluru-based grocery delivery platform KiranaPro, operating on India’s Open Network for Digital Commerce (ONDC), has been severely crippled after hackers wiped its servers and code base.
KiranaPro, CEO Deepak Ravindran confirmed that core infrastructure hosted on Amazon Web Services and associated GitHub repositories were deleted, including sensitive customer data like names, addresses, and payment details.
Launched in December 2024, KiranaPro served 55,000 customers across 50 cities, processing 2,000 orders daily, with plans to expand to 100 cities soon.
Those ambitions are now on indefinite hold, as the app remains online but unable to process new orders.
Initial investigations suggest the breach stemmed from leftover access by a former employee.
Suspicious login activity was detected around May 24 & 25, and despite multi-factor authentication via Google Authenticator, attackers bypassed security, potentially through password-stealing malware or unrevoked credentials.
The incident underscores critical cybersecurity challenges facing Indian startups, with experts highlighting gaps in credential management and employee offboarding practices.
KiranaPro has sought forensic support from GitHub and is pursuing legal action against former employees.
With no confirmation on data recovery or encrypted backups, KiranaPro’s future—and the trust of its customers—remains uncertain, offering a stark reminder of the vulnerabilities early-stage tech firms face today.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
