Indian Grocery Startup KiranaPro Suffers Major Data Breach
KiranaPro, an Indian grocery delivery startup with 55,000 customers, was hacked, resulting in the deletion of its app code and servers containing sensitive customer data. The breach, linked to compromised AWS and GitHub root accounts, has disabled order processing. The company is investigating the incident, which may involve a former employee’s credentials, and is taking legal action while seeking support from GitHub.
Indian grocery delivery startup KiranaPro recently suffered a devastating cyberattack that wiped out its entire data infrastructure, including app code and servers containing sensitive customer information. This breach has halted the company’s ability to process orders across its network of 50 cities, impacting thousands of active users.
Founded in December 2024, KiranaPro operates on India's Open Network for Digital Commerce (ONDC), enabling customers to order groceries from local shops using a unique voice-based interface supporting multiple Indian languages. With 55,000 customers and around 2,000 daily orders, the startup was poised for rapid expansion to 100 cities before the attack occurred.
The breach was detected on May 26 when KiranaPro executives noticed unauthorized access to their Amazon Web Services (AWS) root accounts and GitHub repositories. The hackers deleted all Elastic Compute Cloud (EC2) instances, effectively erasing the virtual machines running KiranaPro’s applications. Multi-factor authentication was in place via Google Authenticator, but the multi-factor codes had been altered, indicating a sophisticated compromise.
Initial investigations suggest the attack may have originated through a former employee’s compromised credentials, highlighting a common vulnerability in many recent high-profile cyberattacks. KiranaPro is collaborating with GitHub support to trace the hacker’s IP addresses and is pursuing legal action against former employees who failed to provide access credentials for forensic analysis.
This incident underscores the critical importance of rigorous credential management, especially for startups handling sensitive customer data and operating cloud infrastructure. Even with multi-factor authentication, lapses such as not revoking access for former employees can lead to catastrophic data loss and operational disruption.
Lessons from the KiranaPro Cyberattack
Startups and enterprises alike can learn from KiranaPro’s experience. Here are key takeaways:
- Implement strict access controls and promptly revoke credentials of former employees to prevent unauthorized access.
- Use multi-factor authentication consistently, but also monitor for unusual changes in authentication methods or codes.
- Maintain comprehensive logging and monitoring on cloud platforms like AWS and GitHub to detect suspicious activity early.
- Prepare incident response plans that include legal and forensic steps to quickly address breaches and mitigate damage.
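As an added illustration of the monitoring takeaways above (not code from KiranaPro or the article), this Python sketch scans CloudTrail-shaped records for root-account activity, MFA device changes, and EC2 terminations that follow an MFA change by the same principal. The sample records, account ID, instance IDs and the one-hour correlation window are constructed assumptions.

```python
from datetime import datetime, timedelta

ROOT = "arn:aws:iam::111122223333:root"       # constructed account ID
DEV = "arn:aws:iam::111122223333:user/dev"    # constructed IAM user

def rec(time, name, id_type, arn, params=None):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"eventTime": time, "eventName": name, "requestParameters": params,
            "userIdentity": {"type": id_type, "arn": arn}}

SAMPLE_EVENTS = [
    rec("2025-01-01T09:00:00Z", "DescribeInstances", "IAMUser", DEV),
    rec("2025-01-01T10:00:00Z", "ConsoleLogin", "Root", ROOT),
    rec("2025-01-01T10:05:00Z", "DeactivateMFADevice", "Root", ROOT),
    rec("2025-01-01T10:07:00Z", "EnableMFADevice", "Root", ROOT),
    rec("2025-01-01T10:20:00Z", "TerminateInstances", "Root", ROOT,
        {"instancesSet": {"items": [{"instanceId": "i-0aaa"}, {"instanceId": "i-0bbb"}]}}),
]

MFA_CHANGES = {"CreateVirtualMFADevice", "EnableMFADevice", "ResyncMFADevice",
               "DeactivateMFADevice", "DeleteVirtualMFADevice"}
DESTRUCTIVE = {"TerminateInstances"}
WINDOW = timedelta(hours=1)  # assumed correlation window, tune per environment

def find_alerts(events):
    """Return (rule, detail, principal) tuples in event-time order."""
    alerts, last_mfa_change = [], {}
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        ident = ev.get("userIdentity") or {}
        arn = ident.get("arn", "unknown")
        name = ev["eventName"]
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        if ident.get("type") == "Root":          # any root-account use is alert-worthy
            alerts.append(("root-activity", name, arn))
        if name in MFA_CHANGES:                  # MFA device added, swapped or removed
            last_mfa_change[arn] = when
            alerts.append(("mfa-change", name, arn))
        if name in DESTRUCTIVE:
            params = ev.get("requestParameters") or {}
            count = len(params.get("instancesSet", {}).get("items", []))
            changed = last_mfa_change.get(arn)
            if changed is not None and when - changed <= WINDOW:
                alerts.append(("destructive-after-mfa-change", f"{name} x{count}", arn))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(*alert, sep=" | ")
```

In practice the same rules would run against records exported from a CloudTrail trail and feed an alerting channel that the root account itself cannot silence.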
The Road Ahead for KiranaPro
KiranaPro is actively working to recover from this setback. While its app remains online, order processing is currently disabled. The company is engaging with cloud service providers and legal authorities to identify the perpetrators and restore its infrastructure. This incident may delay its ambitious expansion plans but also serves as a wake-up call for startups leveraging cloud and digital commerce platforms.
In an era where digital commerce is rapidly evolving, securing cloud environments and managing access credentials is not just a technical necessity but a strategic imperative. KiranaPro’s experience highlights how quickly vulnerabilities can be exploited and the importance of proactive cybersecurity measures.