[[{“value”:”
KiranaPro, a quick commerce platform integrated with the ONDC, has been hit by a crippling cyberattack that wiped out its servers and deleted sensitive data, including app code and customer information. The startup’s app remains live but is unable to process any orders.
The incident, which was confirmed by co-founder and CEO Deepak Ravindran to TechCrunch, unfolded between May 24 and 25 and compromised both KiranaPro’s Amazon Web Services (AWS) and GitHub accounts. All virtual machines running on AWS’s Elastic Compute Cloud (EC2) were reportedly deleted, along with user data encompassing names, mailing addresses, and payment information.
Executives at KiranaPro discovered the breach on May 26 while attempting to log into their AWS account. By then, hackers had already accessed the startup’s root-level AWS and GitHub credentials. Screenshots of GitHub logs reviewed by TechCrunch indicate the attack may have originated through an account belonging to a former employee.
“We can only log in through the IAM [Identity and Access Management] account, through which we can see that the EC2 instances don’t exist anymore, but we are not able to get any logs or anything because we don’t have the root account,” KiranaPro’s chief technology officer Saurav Kumar told the publication.
Kumar also noted that despite using Google Authenticator for multi-factor authentication (MFA), the code had changed when the team attempted to regain access last week. Founded in December 2024, KiranaPro enables customers in 50 Indian cities to order groceries from nearby kirana stores and supermarkets via a voice-based interface supporting Hindi, Tamil, Malayalam, and English. The startup had 55,000 registered users and saw daily order volumes of around 2,000 before the attack halted operations. Ravindran said the company was preparing for a 100-city rollout in 100 days when the breach occurred.
Notably, it has reached out to GitHub’s support team for assistance in identifying the hacker’s IP address. At the same time, the startup is initiating legal proceedings against former employees who, according to Ravindran, failed to provide access to their GitHub credentials. However, no conclusive evidence has yet been made public regarding the origin or method of the intrusion.
The startup’s investor base includes institutional backers like Blume Ventures, TurboStart, Unpopular Ventures, and Snow Leopard Ventures, as well as high-profile individuals such as Olympic medalist P.V. Sindhu and Boston Consulting Group’s Vikas Taneja. Last week, it acquired augmented reality startup Likeo in an all-stock transaction valued at $1 million.
KiranaPro CEO Deepak Ravindran recently shared his insights on insights in The Indian Dream Magazine, where he discussed the platform’s mission to transform India’s 13 million kirana stores into a national delivery network powered by open infrastructure and voice AI.
“Everyone thinks kiranas are outdated. But what if they’re the future?” he said, highlighting KiranaPro’s voice-first interface, integration with the Open Network for Digital Commerce (ONDC), and plans to expand from 50 to 100 cities within 100 days. The startup had also set its sights on international markets, starting with Dubai.
“}]]
Read More Indian Startup News : Latest Posts