KiranaPro Hacked: Cyberattack Destroys App Code, Servers, and User Data In a chilling reminder of how vulnerable tech startups can be, quick commerce platform KiranaPro—which is integrated with
In a chilling reminder of how vulnerable tech startups can be, quick commerce platform KiranaPro—which is integrated with the Indian government’s ONDC (Open Network for Digital Commerce)—has suffered a devastating cyberattack that completely wiped out its servers, app code, and sensitive customer data.
The incident unfolded between May 24 and 25, and by the time the team discovered the breach on May 26, it was already too late. KiranaPro’s core systems hosted on Amazon Web Services (AWS) were gone. Its GitHub codebase was erased. And perhaps most alarming—user data including names, addresses, and payment details vanished.
So how does a company’s entire tech backbone just disappear overnight?
Let’s dive into what really happened.
KiranaPro is a quick commerce startup that connects local kiranas (neighborhood stores) to consumers via an e-commerce platform. Its integration with ONDC made it part of a growing ecosystem aiming to decentralize digital commerce in India—think of it as a hyperlocal Amazon alternative.
With fast-growing traction in tier 2 and tier 3 cities, KiranaPro was seen as a promising disruptor.
Now, that promise is hanging by a thread.
According to co-founder and CEO Deepak Ravindran, the cyberattack compromised both the company’s AWS and GitHub accounts.
In short: the company lost everything that powers its platform. And it appears the attack originated from a familiar source.
Early signs point to the breach coming from credentials linked to a former employee.
GitHub logs reviewed by the company reportedly showed suspicious activity tied to that ex-staffer’s account. It’s possible the account wasn’t deactivated or was reused in a way that gave hackers the backdoor they needed.
This raises serious questions about internal cybersecurity protocols—and whether this breach could have been prevented.
KiranaPro’s Chief Technology Officer Saurav Kumar confirmed the worst: they no longer have root access to their AWS account. Only IAM (Identity and Access Management) access remains—and that doesn’t give them control over the now-deleted infrastructure.
“We can only log in through the IAM account, through which we can see that the EC2 instances don’t exist anymore, but we are not able to get any logs or anything because we don’t have the root account,” Kumar said.
That means no access to logs, no audit trail, no recovery—nothing.
Let’s break it down:
In short: this is existential.
KiranaPro has not released a full public statement yet, but it’s clear that the company is in crisis mode.
Here’s what they’ll need to do—fast:
The KiranaPro breach is not just a tech glitch—it’s a case study in what happens when cybersecurity is not taken seriously enough.
Many Indian startups, especially in fast-moving sectors like fintech, logistics, and e-commerce, prioritize growth over security in their early stages. This event might finally force founders to invest in:
KiranaPro went from promising ONDC partner to cyberattack victim overnight. What was once a potential unicorn story is now a cautionary tale for the entire startup ecosystem.
The road to recovery will be long—and uncertain. If the company can recover at all.
For now, users are stuck with a non-functional app, and KiranaPro is left scrambling to rebuild a business that essentially disappeared in a matter of hours.
