KiranaPro, a rising startup in the quick commerce space, has been hit by a big cyberattack that completely wiped out its servers and deleted sensitive customer data. The startup, which lets people order groceries from local kirana shops through a voice-based app, was preparing for major expansion — but now, it’s dealing with a serious tech crisis.
The cyberattack happened between May 24 and 25. Hackers managed to break into KiranaPro’s Amazon Web Services (AWS) and GitHub accounts. All their virtual machines (used to run the app and backend systems) were deleted. Even the app code and user data — including names, addresses, and payment info — are gone. While the app is still live, no orders can be placed.
The KiranaPro team found out about the attack on May 26. Their CTO, Saurav Kumar, said they were only able to log in using IAM accounts, not the main root account. They suspect the hacker got in through credentials linked to a former employee. Even their multi-factor authentication was compromised.
Founded in December 2024, KiranaPro was serving 50 Indian cities and had 55,000 registered users with 2,000 orders a day. The startup had big plans — a 100-city rollout in 100 days, backed by investors like Blume Ventures, PV Sindhu, and BCG’s Vikas Taneja.
Just a week before the attack, they had acquired AR startup Likeo in a ₹8 crore deal. Now, their growth plans are on pause as they try to recover. Legal action has begun against ex-employees for not sharing credentials, and they’re working with GitHub to trace the hacker’s IP address.
The future of KiranaPro — once seen as the next big thing in ONDC-powered grocery delivery — now hangs in the balance.
Submit your story to India’s premium startup spotlight platform. – Startupbydoc