Friday, 25 July 2025

KiranaPro data wiped in a cyberattack, app left offline

KiranaPro was hacked, wiping out its servers and customer data, leaving the app unusable and expansion plans on hold.

If you’re a regular user of KiranaPro, you might have noticed the app isn’t working. That’s because the Indian grocery delivery startup has been hacked, and its servers have been wiped clean. The company’s founder and CEO, Deepak Ravindran, confirmed the breach and its serious impact.

The attack destroyed all of KiranaPro’s backend infrastructure—including app code and sensitive customer details like names, addresses, and payment data—and left the app itself online but unable to process orders.

KiranaPro launched in December 2024 as part of India’s Open Network for Digital Commerce. The platform lets customers order groceries from their neighbourhood shops and supermarkets. Unlike most delivery apps, KiranaPro enables users to place orders in Hindi, Tamil, Malayalam, or English using voice commands.

The app has been doing well, serving about 2,000 orders daily, with 30,000 to 35,000 active users across 50 cities. In total, the company says it has 55,000 registered customers. It also aimed to expand to 100 cities within the next 100 days—until this major disruption occurred.

Hackers accessed KiranaPro systems through an ex-employee account

The issue came to light on May 26 when the KiranaPro team noticed problems accessing their Amazon Web Services (AWS) account. They quickly realised something was wrong. Hackers had gained access to their root accounts on both AWS and GitHub.

According to CTO Saurav Kumar, the attack likely happened between May 24 and 25. Ravindran shared screenshots of security logs showing that the breach may have started through a former employee’s account. Ravindran added that the startup is now taking legal action against ex-staff who didn’t hand over their GitHub credentials before leaving.

KiranaPro used Google Authenticator to add security to AWS. But when the team recently tried logging in, they saw that the multi-factor authentication code had changed. By then, their entire EC2 infrastructure—used to host virtual machines for running the app—had already been deleted.

“We can only access the IAM [Identity and Access Management] account now,” Kumar said. “It shows that all EC2 instances are gone. We can’t even see logs, as the root account is locked out.”

The company reaches out for support, blames weak account handling

KiranaPro has contacted GitHub’s support team to track down the hacker’s IP address and other clues. At the same time, it is investigating the cause internally and believes that poor handling of former employee accounts may have contributed.

Ravindran noted that credential theft has been behind some of the world’s most significant cyberattacks, like those on LastPass, Snowflake, and Change Healthcare. These often start with malware that steals passwords or outdated multi-factor systems that are easy to bypass. Many companies, like KiranaPro, didn’t remove access for ex-employees or enforce strong security practices until it was too late.

KiranaPro, which operates with a small team of 15 staff in Bengaluru and Kerala, is backed by several high-profile investors. These include Blume Ventures, Unpopular Ventures, and Turbostart. It also counts Olympic medallist PV Sindhu and BCG’s Vikas Taneja among its angel investors.

The company has not said how long it will take to restore its services, but customers will have to wait while they rebuild from scratch.
