KiranaPro Hack: Code Wiped, CEO Names Insider Suspect

Quick commerce startup KiranaPro recently confirmed a severe cyberattack that compromised its servers, wiped out its core infrastructure, and exposed sensitive user data. The incident, which came to light on May 26, has temporarily halted the platform’s ability to process orders, though the app remains online.

Founded in late 2024, KiranaPro connects customers to local kirana stores through a voice-based grocery ordering app built on the Indian government’s ONDC network.

The company had just begun its rollout in Kashmir—a symbolic market launch—when the breach struck.

“They didn’t just attack a startup. They tried to break a spirit. But from the valley, we rise,” said Deepak Ravindran, co-founder and CEO, in a LinkedIn post.

A Targeted Breach

KiranaPro initially discovered the breach while logging into their Amazon Web Services (AWS) account, only to find that access to their root credentials had been revoked.

Hackers had also accessed and deleted the startup’s GitHub codebase, wiping out their Elastic Compute Cloud (EC2) services—the backbone of their application infrastructure.

“It wasn’t random. It wasn’t opportunistic. It was deliberate. And it was personal,” Ravindran wrote. “Our servers were breached, critical infrastructure was deleted, and sensitive customer data was compromised.”

The attack is believed to have occurred between May 24 and 25, likely through a former employee’s credentials. CTO Saurav Kumar confirmed that while the company had multi-factor authentication using Google Authenticator, the code had changed by the time the team attempted to regain control.

“We can only log in through the IAM [Identity and Access Management] account, through which we can see that the EC2 instances don’t exist anymore,” Kumar said. “But we are not able to get any logs or anything because we don’t have the root account.”

Response, Investigation, and GitHub Access Restored

KiranaPro quickly mobilized its internal engineering and external security teams to investigate the breach. The company has filed legal action against former employees and is working closely with GitHub support to trace the source of the attack.

Earlier today, Ravindran confirmed that GitHub access had finally been restored, allowing the team to begin rebuilding operations.

“After days of intense effort, GitHub has finally responded… we’re on track to be BACK LIVE by EOD,” Ravindran posted. “Your support has been our firewall.”

Ravindran also began publicly naming suspects through LinkedIn posts, sharing screenshots of logs and security confirmations.

“Today we will expose the hacker in public,” he announced in a separate post, adding, “Suspect 1 confirmed,” with accompanying evidence.

While the exact method of attack remains under investigation, Ravindran stressed that KiranaPro would lead with transparency rather than victimhood.

“We're here to lead with transparency. Our immediate actions included collaborating with cybersecurity experts, notifying affected customers, and working closely with law enforcement agencies.”

A Start-up Spirit Tested, But Not Broken

The breach comes at a critical moment for KiranaPro, which had grown to serve 55,000 customers across 50 cities, with 2,000 daily orders and plans to expand to 100 cities in 100 days.

The company had raised $188K in funding from Blume Ventures, Unpopular Ventures, Turbostart, and others, and counts Olympic medalist PV Sindhu among its angel investors.

Now, those ambitions are on hold—but not indefinitely.

“This incident has only strengthened our resolve,” said Ravindran. “We are more committed than ever to our mission of empowering local businesses through technology.”

Lessons in Cyber Hygiene

The KiranaPro hack mirrors recent high-profile incidents at LastPass, Change Healthcare, and Snowflake, where credential theft, poor offboarding, and inadequate multi-factor enforcement opened doors for attackers.

Experts say this should be a wake-up call for Indian startups relying on cloud infrastructure and external collaborators.

As KiranaPro begins its rebuild with newly regained code access and hardened systems, the message from its founders is clear: this was a direct attack, but it won’t be the end.