KiranaPro Suffers Devastating Cyberattack, Losing All Data and App Code
Indian grocery delivery startup KiranaPro suffered a catastrophic cyberattack between May 24 and 25, resulting in the complete destruction of its data, including sensitive customer information and app source code. The breach, attributed to attackers exploiting a former employee’s account, allowed unauthorized access to the company’s AWS and GitHub accounts, according to co-founder and CEO Deepak Ravindran.
The attack crippled KiranaPro’s infrastructure, with all Amazon EC2 (Elastic Compute Cloud) services deleted and multi-factor authentication (MFA) codes for its AWS account replaced. The company’s Chief Technology Officer, Saurav Kumar, confirmed that while they could access the IAM (Identity and Access Management) account, critical logs and root-level controls were inaccessible, leaving them unable to recover the lost data.
Prior to the incident, KiranaPro had been preparing to expand operations to 100 cities across India. The investigation into the attacker’s identity is ongoing, but the breach has already dealt a severe blow to the startup’s operations.
Source: https://www.scworld.com/brief/cyberattack-eradicates-indian-grocery-startups-data
KiranaPro TPRM report: https://www.rankiteo.com/company/kiranapro
"id": "kir1768366134",
"linkid": "kiranapro",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Grocery Delivery',
'location': 'India',
'name': 'KiranaPro',
'type': 'Startup'}],
'attack_vector': 'Compromised former employee account',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Sensitive customer information, '
'app code'},
'date_detected': '2024-05-24',
'description': 'All data belonging to Indian grocery delivery startup '
'KiranaPro, including its sensitive customer information '
'stored in its servers and its app code, has been destroyed '
'following a cyberattack between May 24 and 25. Attackers '
"leveraged a former employee's account to infiltrate "
"KiranaPro's AWS and GitHub accounts. The multi-factor "
'authentication code for the AWS account was replaced, and all '
'Electric Compute Cloud services were removed.',
'impact': {'data_compromised': 'All data, including sensitive customer '
'information and app code',
'identity_theft_risk': 'High (sensitive customer information '
'exposed)',
'operational_impact': 'Complete data destruction, inability to '
'access logs or root account',
'systems_affected': 'AWS (EC2 instances), GitHub'},
'initial_access_broker': {'entry_point': 'Former employee account',
'high_value_targets': 'AWS, GitHub'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'root_causes': 'Insufficient access controls, '
'compromised former employee '
'account, replaced MFA'},
'references': [{'source': 'TechCrunch'}],
'title': 'Cyberattack on KiranaPro Destroys All Data and App Code',
'type': 'Data Destruction',
'vulnerability_exploited': 'Insufficient access controls, replaced MFA'}