KiranaPro Faces Cyberattack Destroying Servers, User Data

KiranaPro, an Indian grocery delivery startup founded in December 2024, suffered a severe cyberattack that wiped out its app code and erased sensitive customer information including names, mailing addresses, and payment details. The breach, likely occurring between May 24 and 25, involved hackers gaining root access to the company's AWS and GitHub accounts, reportedly through a former employee’s credentials, despite the use of Google Authenticator for multi-factor authentication. Although the KiranaPro app remains online, it is unable to process orders due to deletion of all Elastic Compute Cloud (EC2) services critical to its operation. KiranaPro serves about 55,000 customers with 30,000-35,000 active users across 50 cities and had plans to expand rapidly before the incident. The company is working with GitHub support to trace the attack and is pursuing legal action against former employees who did not surrender access credentials. This attack has significantly disrupted KiranaPro’s operations, highlighting vulnerabilities even in startups with advanced security measures.