Indian grocery app KiranaPro hit by major cyberattack, user data and app infrastructure wiped

KiranaPro, a rising Indian grocery delivery startup, has suffered a major cyberattack that resulted in the complete deletion of its app infrastructure and exposure of sensitive customer information, including bank and payment details. The breach, which occurred on May 24 and 25, has forced the company to shut down operations, placing significant strain on its growth and fundraising efforts.

The cyberattack was first discovered on May 26, when KiranaPro’s team found themselves unable to access their Amazon Web Services (AWS) account. Investigations revealed that attackers had gained root access to both AWS and GitHub accounts, allegedly using login credentials linked to a former employee. From there, the hackers wiped the company’s virtual machines (EC2 instances) and removed vital assets, including the app’s backend code and extensive databases containing user names, addresses, and payment details.

KiranaPro, co-founded in December 2024 by Deepak Ravindran and Deepankar Sarkar, had quickly emerged as a key player in India’s hyperlocal delivery landscape. The app facilitated voice-enabled grocery ordering in regional languages such as Hindi, Tamil, Malayalam, and English, connecting users to nearby kirana stores across 50 cities. With over 2,000 daily orders and ambitions to double its reach within 100 days, the cyberattack comes at a critical juncture.

Deepak Ravindran, KiranaPro’s Co-founder and CEO, confirmed the breach and shared details with TechCrunch and YourStory. He also revealed that despite having two-factor authentication enabled, attackers managed to bypass security controls. The company is now collaborating with GitHub to trace the source of the attack and is preparing legal action against former employees who failed to return access credentials upon exiting the company.

The hack has disrupted more than just operations. KiranaPro is currently in the midst of closing a seed funding round. The breach has delayed this effort and put Rs 5 crore worth of business partnerships on hold. The app has been non-operational for five consecutive days, leading to a loss of nearly 100,000 potential downloads and approximately 2,000 orders daily.