Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Indian grocery delivery startup Kiranapro was hacked and all of his data was suffered, confirmed the founder of the company at Techcrunch.
The destroyed data included the company’s application code and its servers containing sensitive customer information banks, including their names, postal addresses and payment details, said in Techcrunch, co-founder and CEO of Kiranapro, Deepak Ravindran.
The company’s application is online but cannot process orders, Techcrunch revealed.
Launched in December 2024, KIRANAPRO operates as a buyer application on the Open network of the Indian government for digital tradeAllowing customers to buy grocery products in their local stores and supermarkets nearby.
KIRANAPRO has 55,000 customers, with 30,000 to 35,000 active buyers in 50 cities, which collectively place 2,000 orders per day, according to the company. Unlike a typical grocery delivery application, KIRANAPRO offers a voice interface that allows users to place orders in local stores using vocal commands in languages such as Hindi, Tamil, Malayalam and English.
The startup planned to extend to 100 cities in the next 100 days before the incident, said Ravindran.
On May 26, Kiranapro leaders became aware of the incident while connecting to their Amazon Web Services account. The pirates had access to Kiranapro’s root accounts on AWS and Github, said Ravindran in Techcrunch.
Ravindran shared a few screenshots of the GitHub security newspapers and a file containing a sample of business newspapers at the time of the incident, suggesting that hacking occurred after someone had access to their systems via an old employee account.
Kiranapro technology director Saurav Kumar told Techcrunch that the hack had taken place from May 24 to 25.
The startup said that it had used Google Authenticator for multi-factory authentication on its AWS account. Kumar told Techcrunch that the multi-factor code had changed when they had tried to connect to their AWS account last week, and all their electric calculation cloud services (EC2), which allow customers to access virtual computers to execute their applications, have been deleted.
“We can only connect via IAM [Identity and Access Management] Account, through which we can see that the EC2 instances no longer exist, but we cannot obtain newspapers or anything because we do not have the root account, “he said.
Kiranapro contacted the Github assistance team to help identify the IP addresses of the pirate and other traces of the incident, said Ravindran.
Likewise, Ravindran told Techcrunch that the startup has filed business against its former employees, who, according to him, had not submitted their identification information to access their Github accounts to check their newspapers.
We do not know how the attack occurred. Some of the biggest cyber attacks in recent years, such as Pass,, Change healthAnd Snowflakewere caused by an identification flight, as through Flight malwowirs Installed on the laptop of an employee and the missing or not applied multi-factor authentication.
Companies were ultimately responsible for the security application of their own systems, especially if their employees had to use multi-factory authentication and put an end to the accounts of former employees who no longer work in their company.
Kiranapro has Blume Ventures, Impopulalar Ventures and Turbostart among its institutional donors, as well as the Olympic medalist PV Sindhu and the BCG MD Vikas Taneja among its providential investors. The company has a team of 15 employees located in Bengaluru and Kerala.
