KiranaPro, an AI-driven quick commerce platform integrated with India’s Open Network for Digital Commerce (ONDC), recently suffered a severe cyberattack that compromised its servers, application code, and sensitive customer data. This incident has raised significant concerns about cybersecurity practices within rapidly growing tech startups.
The Cyberattack on KiranaPro
Between May 24 and 25, 2025, KiranaPro’s Amazon Web Services (AWS) and GitHub accounts were breached. Hackers deleted all virtual machines on AWS’s Elastic Compute Cloud (EC2), erasing critical user data, including names, mailing addresses, and payment information. The attack also led to the deletion of the company’s application code, rendering the app incapable of processing orders despite remaining live.
The breach was discovered on May 26 when executives attempted to access their AWS account, only to find that root-level credentials had been compromised. Screenshots of GitHub logs suggest the intrusion may have originated from an account belonging to a former employee. KiranaPro’s Chief Technology Officer, Saurav Kumar, noted that despite using Google Authenticator for multi-factor authentication (MFA), the authentication codes had changed, preventing the team from regaining access.
Impact on Operations and Growth Plans
Founded in December 2024, KiranaPro had rapidly expanded to serve 50 Indian cities, enabling customers to order groceries from local kirana stores and supermarkets through a voice-based interface supporting multiple languages. Before the attack, the platform boasted 55,000 registered users and processed approximately 2,000 daily orders. The company was preparing for a 100-city rollout within 100 days when the breach occurred, halting its ambitious expansion plans.
Response and Legal Actions
In response to the attack, KiranaPro has reached out to GitHub’s support team to identify the hacker’s IP address and is initiating legal proceedings against former employees who failed to provide access to their GitHub credentials. However, no conclusive evidence has been made public regarding the origin or method of the intrusion.
Broader Implications for Cybersecurity in Startups
This incident underscores the critical importance of robust cybersecurity measures for startups, especially those handling sensitive customer data. The rapid growth and integration of advanced technologies can sometimes outpace the implementation of comprehensive security protocols, leaving companies vulnerable to attacks.
The KiranaPro breach is part of a larger trend of increasing cyberattacks targeting various industries. For instance, in April 2025, the Qilin ransomware group emerged as a significant threat, with a victim count of 72, primarily targeting the manufacturing sector. Additionally, in February 2025, Lee Enterprises, a major U.S. media company, suffered a ransomware attack that disrupted operations across 75 local newspapers.
Lessons for the Startup Ecosystem
Startups must prioritize cybersecurity from the outset, implementing measures such as:
- Regular Security Audits: Conducting frequent assessments to identify and mitigate vulnerabilities.
- Employee Training: Educating staff on security best practices and potential threats.
- Access Controls: Implementing strict access controls and regularly updating credentials, especially when employees leave the company.
- Multi-Factor Authentication (MFA): Ensuring MFA systems are secure and regularly tested for integrity.
By adopting these practices, startups can better protect themselves against cyber threats and maintain the trust of their customers and investors.
