Indian grocery startup KiranaPro  Hacked

Indian grocery startup KiranaPro suffered a major cyberattack  Hackers gained access to the company’s root accounts on both Amazon Web Services (AWS) and GitHub, leading to the complete deletion of its servers and destruction of customer data. The breach wiped out the company’s app code and servers containing sensitive customer information such as names, mailing addresses, and payment details.

KiranaPro has 55,000 customers, with 30,000-35,000 active buyers across 50 cities, who collectively place 2,000 orders daily, according to the company. Unlike a typical grocery delivery app, KiranaPro offers a voice-based interface that allows users to place orders from local shops using voice commands in languages such as Hindi, Tamil, Malayalam, and English

KiranaPro is backed by institutional investors including Blume Ventures, Unpopular Ventures, and Turbostart. Its angel investors include Olympic medalist PV Sindhu and Vikas Taneja, Managing Director at BCG. The company operates with a 15-member team based in Bengaluru and Kerala.

    Incident Discovery:   KiranaPro executives discovered the hack on May 26, 2025, when they tried to log into their AWS account and realized their multi factor authentication code had changed and all EC2 instances were deleted.

  The attack destroyed all operational data, making the app unable to process orders, though it remains online.

  The breach likely occurred through a former employee’s account, which had not been properly deactivated or its credentials collected. This allowed hackers to access root accounts and delete critical infrastructure.

     KiranaPro used Google Authenticator for multi factor authentication, but the attackers managed to bypass or reset this protection.

     All customer and operational data, including sensitive information, was lost as a result of the attack.

    KiranaPro’s leadership, including CEO Deepak Ravindran, has been transparent about the breach, sharing updates on social media and reaching out to GitHub for assistance in tracing the attacker.

https://www.instagram.com/kirana_pro/

    The company is working closely with cybercrime authorities and has appealed for help from the cybersecurity community to investigate the breach.

  The attack underscores the importance of enforcing strict security protocols, especially regarding employee account management and multi factor authentication.

  KiranaPro’s case is notable for the scale of data loss and the company’s open approach to addressing the incident with its users and stakeholders.

  The company is seeking to recover from backups (if any exist) and restore services, but the full extent of recovery is unclear at this time.