Indian grocery delivery startup KiranaPro has suffered a severe cyberattack resulting in the deletion of its servers and customer data, the company’s CEO has confirmed.
The incident, which took place around May 24-25, was discovered when the company’s executives attempted to log into their Amazon Web Services (AWS) account on May 26. According to KiranaPro’s co-founder and CEO Deepak Ravindran, attackers managed to infiltrate the company’s root accounts on AWS and GitHub, destroying critical resources including the app code and customer databases.
Sensitive information such as customer names, addresses, and payment details were wiped out during the breach. While the KiranaPro app remains online, it currently cannot process orders, leaving the service effectively inoperable.
Launched in December 2024, KiranaPro operates as part of India’s Open Network for Digital Commerce (ONDC). It allows customers across 50 Indian cities to order groceries from local stores via a voice-based interface supporting multiple languages, including Hindi, Tamil, Malayalam, and English. At the time of this attack, the company had grown rapidly, serving 55,000 customers with approximately 30,000-35,000 active users who placed around 2,000 orders daily.
According to Ravindran, KiranaPro was planning aggressive growth—expanding into 100 cities within the next 100 days—before the cyberattack abruptly halted all operations.
Chief Technology Officer Saurav Kumar explained that despite having multi-factor authentication via Google Authenticator implemented on their AWS account, the hackers managed to alter authentication credentials, effectively locking the startup out. Additionally, he stated that all Amazon Elastic Compute Cloud (EC2) instances hosting their virtual servers were entirely deleted. “We can only access via an Identity and Access Management (IAM) account, but our EC2 services no longer exist, and the root account access is gone,” Kumar confirmed.
The startup’s internal investigation identified suspicious activities connected to a former employee’s account, prompting the company to initiate legal action against some former employees who reportedly did not surrender their access credentials upon leaving. Ravindran said he has reached out to GitHub’s security team, seeking assistance to trace the origin and details of the breach through security logs, IP addresses, and activity trails.
The precise method and motivation of the hackers remain unclear. However, cybersecurity experts suggest that such attacks typically involve compromised credentials or inadequate enforcement of multi-factor authentication policies. Similar breaches in recent years that targeted major tech companies have also involved password theft or stolen credentials.
KiranaPro, backed by venture funds including Blume Ventures, Unpopular Ventures, and Turbostart, as well as prominent angel investors such as Olympic medalist PV Sindhu and Boston Consulting Group’s Managing Director Vikas Taneja, has a team of around 15 staff working out of offices in Bengaluru and Kerala.
The company has not yet detailed steps for recovering the service or restoring the lost data.
