Indian Grocery Startup KiranaPro Was Hacked and Its Servers Deleted, CEO Confirms
In a shocking turn of events, Indian grocery delivery startup KiranaPro has confirmed that it was hacked and its servers were deleted. The company's founder, Deepak Ravindran, revealed the details to TechCrunch, stating that the hack occurred in May 2024.
KiranaPro operates as a buyer app on the Indian government's Open Network for Digital Commerce, allowing customers to purchase groceries from their local shops and nearby supermarkets. The company has gained significant traction, with 55,000 customers, 30,000-35,000 active buyers across 50 cities, who collectively place 2,000 orders daily.
Unlike traditional grocery delivery apps, KiranaPro offers a voice-based interface that enables users to place orders from local shops using voice commands in languages such as Hindi, Tamil, Malayalam, and English. The startup had ambitious plans to expand to 100 cities within the next 100 days before the incident occurred.
The hacking incident was discovered on May 26 when KiranaPro executives logged into their Amazon Web Services account. Hackers gained access to KiranaPro's root accounts on AWS and GitHub, according to Ravindran. The company used Google Authenticator for multi-factor authentication on its AWS account, but the multi-factor code had changed when they tried to log in last week.
The hack resulted in the deletion of all servers containing sensitive customer information, including names, mailing addresses, and payment details. The company's app is still online, but it cannot process orders due to the data breach.
KiranaPro has reached out to GitHub's support team to help identify the hacker's IP addresses and other traces of the incident. The company is also filing cases against its former employees, who had not submitted their credentials for accessing their GitHub accounts to check their logs.
The hacking incident highlights the importance of cybersecurity measures in protecting sensitive data. As mentioned by Ravindran, some of the biggest cyberattacks in recent years were caused by credential theft, such as through password-stealing malware installed on an employee's laptop, and missing or unenforced multi-factor authentication.
KiranaPro counts Blume Ventures, Unpopular Ventures, and Turbostart among its institutional venture backers, as well as Olympic medalist PV Sindhu and BCG MD Vikas Taneja among its angel investors. The company has a team of 15 employees located in Bengaluru and Kerala.
The incident is a significant setback for KiranaPro, which was gaining momentum in the Indian grocery delivery market. However, the company's commitment to cybersecurity and customer protection will be crucial in rebuilding trust with its customers.