Quick Commerce Platform KiranaPro App Code Destroyed In Cyber Attack
KiranaPro suffered a major cyberattack that wiped out its app code and user data after hackers accessed root accounts via a former employee’s credentials. The company has halted order processing and is pursuing legal action while investigating the breach. KiranaPro, a platform for quick commerce, has purportedly been hacked, affecting all of its data and private user information. Deepak Ravindran, the CEO and cofounder of KiranaPro, told TechCrunch that the “destroyed data” on the company’s servers contained user information such as names, mailing addresses, and payment details in addition to the app code. The KiranaPro app is available online, however, orders are not being processed by the platform. The problem was discovered on May 26 after KiranaPro executives allegedly discovered that hackers had obtained access to the company’s root accounts on GitHub and AWS while logging into their Amazon Web Services account. According to the report, the platform was targeted after an individual used a former employee’s account to access the startup’s servers. According to reports, Saurav Kumar, the chief technology officer (CTO) of KiranaPro, stated that the attack most likely took place between May 24 and May 25. According to Kumar, when executives tried to log in last week, the login code had changed even though the company had Google Authenticator set up for multi-factor authentication on its AWS account. When KiranaPro staff logged in, they discovered that all of their Elastic Compute Cloud (EC2) services, which provided clients with virtual computers on which to execute their apps, had been erased. Since we lack the root account, Kumar allegedly continued, “We can only log in through the IAM [identity and access management] account, which shows that the EC2 instances don’t exist anymore, but we are unable to get any logs or anything.” Meanwhile, the company is said to have reached out to GitHub’s support team to help identify the hacker’s IP addresses. Additionally, according to reports, Ravindran stated that the business is currently pursuing legal action against its former workers who “failed to submit their credentials for accessing their GitHub accounts to check their logs.” The specifics of how the cyberattack occurred are still unclear. KiranaPro, a rapid commerce business founded in 2024 by Ravindra and Deepankar Sarkar, delivers groceries in 10–20 minutes by collaborating with neighbourhood merchants and kirana outlets. With the aid of its voice-based AI model, it links consumers with nearby kirana shops through the ONDC network. Supported by firms such as Unpopular Ventures, Blume Ventures, Snow Leopard Ventures, and TurboStart, the start-up has collected over $188K in capital thus far.