The founder of the company confirmed to TechCrunch that Indian grocery delivery startup Kiranapro has been hacked and all data has been wiped.

Deepak Ravindran, co-founder and CEO of Kiranapro, told TechCrunch that the damaged data includes the company's application code and its servers, which contain sensitive customer information, including their name, mailing address and payment details.

TechCrunch found that the company's app is online but cannot process orders.

Kiranapro, launched in December 2024, serves as a buyer app on the Indian government’s open network of digital commerce, allowing customers to buy groceries from their local stores and nearby supermarkets.

According to the company, Kiranapro has 55,000 customers, 30,000-35,000 active buyers, and 2,000 orders are placed together per day in 50 cities. Unlike typical grocery delivery applications, Kiranapro provides a voice-based interface that allows users to place orders from languages ​​such as Hindi, Tamil, Malayalam and English using voice commands in the language.

Ravindran said the startup plans to expand to 100 cities within the next 100 days before the incident.

On May 26, Kiranapro executives were aware of the incident when they logged into their Amazon Web Services account. Ravindran told TechCrunch that the hackers have access to Kiranapro's root account on AWS and Github.

Ravindran shared several screenshots of GitHub security logs and shared a file with an example of an activity log when the event occurred, suggesting that the hack happened after someone accessed their system through the account of the former employee.

Saurav Kumar, chief technology officer of Kiranapro, told TechCrunch that the hack happened around May 24-25.

The startup says it uses Google Authenticator for multi-factor authentication on its AWS account. Kumar told TechCrunch that the multifactor code changed when trying to log in to its AWS account last week, and that all electric computing cloud (EC2) services allow customers to access virtual computers to run their applications.

"We can only log in through the IAM (Identity and Access Management) account, through which we can see that the EC2 instance no longer exists, but we can't get any logs or anything because we don't have a root account."

Ravindran said Kiranapro has contacted Github’s support team to help determine the hacker’s IP address and other traces of the incident.

Similarly, Ravindran told TechCrunch that the startup is filing a case against its former employees, who said they have not submitted their qualifications to access their GitHub account to check their logs.

It is not clear how the attack occurred. Some of the biggest cyber attacks in recent years, such as LastPass, Change Healthcare and Snowflake, have been caused by credential theft, such as publicity for malware through passwords installed on employees’ laptops and missing or unforced multi-factor authentication.

These companies are ultimately responsible for performing the security of their own systems, including whether employees must use multi-factor authentication and terminate accounts of former employees who no longer work at the company.

Kiranapro calculated Blume Ventures, unpopular Ventures and Turbostart among its institutional risk supporters, and Olympic medalists PV Sindhu and BCG MD MD Vikas Taneja among its angel investors. The company has a team of 15 employees in Bangalore and Kerala.