Indian startup of food delivery Kiranapro He was hacked and all his data was destroyed, the company’s founder confirmed TechCrunch.
Destroyed data included the company’s application code and its servers containing banks of confidential customer information, including their names, mailing addresses and payment details, said TechCrunch, co -founder and general director of Deepak Ravindran.
TechCrunch said the company’s application is online but cannot process orders.
Launched in December 2024, Kiranapro acts as a buyer’s application in the open network of India government in digital trade, enabling customers to purchase groceries in local stores and nearby supermarkets.
According to Kiranapro, it has 55,000 customers, with 30,000–35,000 lively buyers in 50 cities who place a total of two,000 orders per day. Unlike a typical food delivery application, Kiranapro offers a voice interface that permits users to put orders from local stores using voice commands in languages equivalent to Hindi, Tamilskie, Malajalam and English.
Ravindran said that the startup planned to extend to 100 cities in the next 100 days before the incident.
On May 26, Kiranapro’s management realized the incident while logging in to its Amazon Web Services account. Hackers gained access to the important Kiranapro contacts at AWS and Github, Ravindran told Techcrunch.
Ravindran made several screenshots of the GitHub security diary and a file containing a sample of activity logs during the incident, suggesting that hacking took place after someone gained access to their systems via the account of a former worker.
Kiranapro technology director, Saurav Kumar, told Techcrunch that Hack took place around 24-25 May.
Startup said that he used Google Authenticator for multi -component authentication on his AWS account. Kumar said Techcrunch that the multi -component code modified when they tried to log in to their AWS account last week, and all Compute Cloud electrical services (EC2), which permit customers to access virtual computers to run their applications, have been deleted.
“We can only log in through IAM [Identity and Access Management] An account with which we will see that EC2 instances do not exist anymore, but we are not in a position to get any logs or anything, because we do not have a important account, “he said.
Kiranapro contacted the GitHub support team to assist discover Hacker IP addresses and other traces of the incident, said Ravindran.
Similarly, Ravindran told Techcrunch that the startup submits matters against his former employees, who, he said, didn’t submit their certificates to realize access to their GitHub accounts to ascertain their diaries.
It is not clear how the attack took place. Some of the biggest cyber attacks in recent years, equivalent to Lastpass, Change Healthcare and Snowflake, have been caused by confirming theft equivalent to malicious software stealing the slogan installed on the worker’s laptop and missing or unimputable multi -component authentication.
Companies were finally responsible for enforcing the security of their very own systems, including whether their employees must use multifactorial authentication, and the completion of former employees who are not working in their company.
Kiranapro counts Blume Ventures, unpopular ventures and turbostart among his institutional supporters of undertakings, in addition to a medalist of the Olympic PV Sindhu and BCG MD Vikas Tanaa among angel investors. The company has a team of 15 employees positioned in Bengalur and Kerala.