The recent cyberattack on KiranaPro, a grocery delivery startup operating in India’s bustling quick commerce space, serves as a stark reminder of the threat posed by security vulnerabilities to every company using a digital-first business model.
KiranaPro, launched in December 2024, quickly garnered attention for its innovative approach to grocery delivery, offering a seamless, multilingual, voice-based grocery ordering experience. The startup, which had grown to 55,000 customers and 30,000-35,000 active buyers, seemed poised to expand rapidly.
But all of that came to a halt when hackers targeted the startup’s systems in late May 2025, ultimately leading to the destruction of critical data and services.
Inside the KiranaPro Attack: What Really Went Wrong
The hack occurred around May 24-25, 2025, when KiranaPro’s executives realized something was terribly wrong. Upon trying to log into their Amazon Web Services (AWS) account, they discovered that they could no longer access their cloud infrastructure. Key information that supported their platform, including app code, customer details (names, mailing addresses, payment information) and their cloud-based servers, had been wiped clean.
According to Deepak Ravindran, the co-founder and CEO of KiranaPro, hackers had gained access to their root accounts on AWS and GitHub. This access allowed them to delete crucial services, including the Elastic Compute Cloud (EC2) instances that were running the application.
This was a well-planned attack. The company’s Chief Technology Officer (CTO), Saurav Kumar, confirmed that the multi-factor authentication (MFA) codes linked to their AWS account had changed, making it impossible for the team to recover the data. As a result, KiranaPro lost access to critical logs and diagnostic data, which would have helped them understand the full scope of the breach.
What Caused the Grocery Startup Breach? Key Vulnerabilities Exposed
1. Credential Theft from Former Employees
The most significant piece of the puzzle lies in how the hackers likely gained access to KiranaPro’s systems—through a former employee’s account. According to Mr. Ravindran, the attack may have originated from an old employee’s credentials still being active.
If these credentials were not properly revoked, they could have served as an entry point for the attackers. This is a classic case of insider threat, where someone with legitimate access to a company’s resources either intentionally or unintentionally becomes a pathway for an external attack.
2. Inadequate Termination of Access for Ex-Employees
Many companies overlook a key aspect of cybersecurity—ensuring that all credentials for former employees are promptly terminated. This step is crucial because any lingering access, even if unintentional, can lead to breaches. KiranaPro’s failure to revoke the former employee’s access may have played a major role in facilitating the hack.
3. Weaknesses in Multi-Factor Authentication (MFA)
Despite implementing Google Authenticator for MFA, the attackers were able to change the MFA code, which indicates that the security measures, though initially sound, may have been improperly managed. This points to potential flaws in enforcing consistent MFA policies and ensuring that they are adequately protected against tampering.
4. Lack of Proper Logging and Monitoring Systems
After the breach, KiranaPro’s team couldn’t recover any logs, making it difficult to trace the origin and extent of the attack. This highlights the importance of not just relying on cloud services like AWS but also having an in-house system for monitoring activity and keeping detailed logs. Without these logs, organizations are blind to potential breaches and may struggle to recover from incidents effectively.
The Impact: Disruption to Business and Loss of Trust
The impact on KiranaPro was significant:
1. Loss of Customer Data
The destruction of customer information, including names, addresses, and payment details, poses a major concern not only for the company’s operational continuity but also for its customers’ privacy and security. Such breaches expose customers to the risk of identity theft and fraud.
2. Disruption of Services
Since the company’s app could no longer process orders, KiranaPro was essentially rendered inoperable. The app, which was central to the company’s business model, became useless. With 2,000 orders being placed daily, this downtime led to immediate revenue loss and customer dissatisfaction.
3. Reputational Damage
Beyond financial losses, the hack has undoubtedly damaged the company’s reputation. Customers are likely to lose trust in the platform, especially when it comes to data security. In a competitive market, it may be difficult for KiranaPro to regain its customer base after such an incident.
4. Legal and Financial Consequences
The company’s legal department is filing cases against its former employees for not providing their credentials for GitHub accounts, and it is possible that KiranaPro will face lawsuits related to data breaches. This could incur legal fees, settlements, and penalties, further draining company resources.
Key Learnings and Takeaways
1. Ensure Immediate Revocation of Ex-Employee Access
One of the most crucial lessons here is the need for startups to immediately revoke access to systems for former employees. It’s important to have clear, enforceable policies for managing access rights and credentials, and to perform regular audits of employee access.
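A regular access audit of the kind described above can be scripted against the AWS IAM credential report. The following is an added example, not code from KiranaPro or CyberNX; the sample rows, the user names and the offboarded list (assumed to come from HR or the identity provider) are constructed.

```python
import csv
import io

# Constructed sample in the column layout of an AWS IAM credential report
# (subset of columns; user names and account ID are made up).
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,false
asha,arn:aws:iam::111122223333:user/asha,true,true,false,false
former.dev,arn:aws:iam::111122223333:user/former.dev,true,false,true,false
ci-bot,arn:aws:iam::111122223333:user/ci-bot,false,false,true,false
old.intern,arn:aws:iam::111122223333:user/old.intern,false,false,false,false
"""

# Assumption: HR or the identity provider can export who has left.
OFFBOARDED = {"former.dev", "old.intern"}


def audit_credentials(report_csv, offboarded):
    """Return (user, finding) pairs for credentials that should not be live."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        has_password = row["password_enabled"] == "true"
        has_keys = "true" in (row["access_key_1_active"], row["access_key_2_active"])
        has_mfa = row["mfa_active"] == "true"

        if user == "<root_account>":
            # Root should have no access keys and must have MFA.
            if has_keys:
                findings.append((user, "root has active access keys"))
            if not has_mfa:
                findings.append((user, "root has no MFA device"))
            continue
        if user in offboarded and (has_password or has_keys):
            findings.append((user, "offboarded user still has live credentials"))
        elif has_password and not has_mfa:
            findings.append((user, "console password without MFA"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credentials(SAMPLE_REPORT, OFFBOARDED):
        print(f"{user}: {finding}")
```

The same cross-check applies to GitHub organization members and any other system where a departed employee held an account.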
2. Implement Stronger Multi-Factor Authentication Protocols
While MFA is an essential tool in cybersecurity, companies must go beyond just basic implementations. MFA solutions should be continuously tested for weaknesses, and additional layers of security, such as biometric authentication or hardware tokens, should be considered for highly sensitive systems.
3. Monitor and Log All Activities
Having proper monitoring and logging systems in place is critical. Startups should not solely depend on cloud providers’ tools but also invest in internal solutions that allow for full visibility of their digital infrastructure. This enables them to quickly detect any suspicious activity, respond to potential threats, and recover faster in case of a breach.
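The kind of detection this calls for can be sketched as a triage pass over CloudTrail records for the signals this incident involved: root activity, MFA device changes, audit-log tampering and instance termination. This is an added example, not code from the original page; it assumes the events have already been copied to a store outside the AWS account, and the sample records are constructed.

```python
# CloudTrail event names that change MFA state, stop audit logging,
# or destroy compute.
MFA_CHANGES = {"DeactivateMFADevice", "DeleteVirtualMFADevice",
               "CreateVirtualMFADevice", "EnableMFADevice"}
LOG_TAMPERING = {"StopLogging", "DeleteTrail"}
DESTRUCTIVE = {"TerminateInstances"}


def _ev(time, name, id_type, user=None):
    """Build a constructed record using CloudTrail field names."""
    identity = {"type": id_type}
    if user:
        identity["userName"] = user
    return {"eventTime": time, "eventName": name, "userIdentity": identity}


# Constructed sample; timestamps and users are made up.
SAMPLE_EVENTS = [
    _ev("2025-01-01T10:12:00Z", "TerminateInstances", "Root"),
    _ev("2025-01-01T10:00:00Z", "DescribeInstances", "IAMUser", "asha"),
    _ev("2025-01-01T10:05:00Z", "ConsoleLogin", "Root"),
    _ev("2025-01-01T10:07:00Z", "DeactivateMFADevice", "Root"),
    _ev("2025-01-01T10:08:00Z", "EnableMFADevice", "Root"),
    _ev("2025-01-01T10:10:00Z", "StopLogging", "Root"),
]


def classify(event):
    """Return the list of alert reasons for one event (empty if benign)."""
    reasons = []
    name = event.get("eventName", "")
    if event.get("userIdentity", {}).get("type") == "Root":
        reasons.append("root-activity")
    if name in MFA_CHANGES:
        reasons.append("mfa-change")
    if name in LOG_TAMPERING:
        reasons.append("log-tampering")
    if name in DESTRUCTIVE:
        reasons.append("destructive-action")
    return reasons


def triage(events):
    """Return (time, actor, event name, reasons) for every alerting event, oldest first."""
    alerts = []
    for e in sorted(events, key=lambda e: e["eventTime"]):
        reasons = classify(e)
        if reasons:
            ident = e.get("userIdentity", {})
            actor = ident.get("userName", ident.get("type", "unknown"))
            alerts.append((e["eventTime"], actor, e["eventName"], reasons))
    return alerts
```

Running the triage from storage the compromised account cannot delete is what keeps the timeline available after an attacker removes the in-account logs.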
4. Data Encryption and Backups
Regular backups and strong data encryption protocols can help reduce the damage caused by attacks. In this case, even if the data was wiped, secure backups could have helped the company restore critical systems faster. Encryption would also add another layer of protection to sensitive customer data, preventing hackers from easily accessing or exploiting it.
5. Develop a Crisis Management Plan
Finally, KiranaPro’s situation underscores the importance of having a crisis management and incident response plan. Being prepared with a clear process for handling breaches can help businesses recover more quickly and reduce the risk of long-term damage.
Why Startups Are Prime Targets for Cybercriminals
Startups are often laser-focused on growth, product-market fit, and customer acquisition, leaving cybersecurity as a lower priority. But attackers know this. Common gaps like under-resourced IT teams, lax access controls, and poor security hygiene make startups easier to breach. In industries like quick commerce, where speed and digital agility are key, security missteps can escalate quickly.
How CyberNX Can Help
The KiranaPro incident highlights several critical areas of cybersecurity that need to be addressed for any company relying on cloud infrastructure.
Whether you are a scaling grocery startup, a growing quick commerce app, or a tech-first business, CyberNX can secure your journey from the ground up. We specialize in providing solutions that can strengthen your cloud security and data protection practices.
Here’s how we can assist you:
1. Cloud Security Assessment
A thorough assessment of your cloud infrastructure can help identify potential vulnerabilities and gaps in your security setup. At CyberNX, we analyse your cloud environment to detect any weaknesses, review access controls, and evaluate your compliance with security best practices. Our team will provide actionable recommendations to fortify your cloud infrastructure against future cyber threats.
2. Setting Up Backup and Disaster Recovery (DR) for Public Cloud
Ensuring that your data is backed up and protected is critical to your business continuity. We can help design and implement a robust backup and disaster recovery strategy tailored for your public cloud environment. With CyberNX, you will have a resilient system that ensures minimal downtime and data recovery in the event of an incident like the KiranaPro breach.
3. Implementing Best Practices on Your Public Cloud
Securing your public cloud infrastructure requires a proactive approach to security. CyberNX helps you implement industry-standard security best practices, such as enforcing multi-factor authentication, setting up proper identity and access management (IAM) roles, applying encryption protocols, and ensuring compliance with data privacy regulations. We also offer regular security audits and training to keep your team ahead of potential threats.
Conclusion
The KiranaPro incident serves as a wake-up call for all startups and businesses, regardless of their size or industry.
Cybersecurity should be a top priority. It should be seen as a growth enabler: a must-have rather than a nice-to-have. Companies must remain vigilant against evolving threats. By learning from the mistakes of others and implementing robust security measures, businesses can minimize the risk of similar attacks and protect both their customers and their reputation.
Startups, especially in the early stages, must recognize that data security is not a one-off concern, but an ongoing effort requiring consistent vigilance, the right tools, and a proactive approach to risk management. Founders must recognize that every code push, every new hire, and every third-party integration comes with risks. By building security into your DNA from day one, you not only protect your users but future-proof your business.
Ensure your systems remain secure by partnering with experts like CyberNX. We help your business thrive in a safe digital environment.