KiranaPro Grocery App Suffers Breach, Sensitive Customer Data At Risk

Indian grocery delivery startup KiranaPro has been hit by a severe cyberattack that has taken its app offline and erased customer data.

Founder Deepak Ravindran confirmed the incident, revealing that hackers gained full access to their systems and deleted everything — from app code to user details like names, addresses, and payment information.

Launched in December 2024, KiranaPro gained traction with its voice-based ordering in Hindi, Tamil, Malayalam, and English, connecting users to kirana stores across 50 cities and handling 2,000 orders daily.

The attack came to light on May 26 when the team lost access to their Amazon Web Services (AWS) account. Hackers had compromised both AWS and GitHub root accounts, likely using login credentials from a former employee.

All servers were wiped, including essential EC2 instances that powered the app. Despite having two-factor authentication in place, the intruders still broke in.

The company is now working with GitHub to trace the breach and plans to take legal action against ex-employees who failed to return access credentials.