In a significant cybersecurity incident, quick commerce platform KiranaPro has reportedly suffered a major data breach, compromising sensitive user data and critical company information. According to cofounder and CEO Deepak Ravindran, the breach led to the destruction of essential data, including the company’s app code and user information such as names, mailing addresses, and payment details stored on its servers.
The data breach came to light on May 26, 2025, when KiranaPro executives discovered suspicious activity while attempting to log into their Amazon Web Services (AWS) account. It was soon revealed that hackers had gained root-level access to both the company’s AWS and GitHub accounts—two critical platforms powering KiranaPro’s infrastructure.
Read Also :- Stable Money Raises INR 173 Crore in Series B Funding Led by Fundamentum Partnership
Breach Origin Linked to Former Employee’s Account
The incident appears to have stemmed from a security lapse involving a former employee’s credentials. KiranaPro’s Chief Technology Officer, Saurav Kumar, disclosed that the attack likely occurred between May 24 and May 25, just days before the breach was discovered. Unauthorized access via the ex-employee’s account allowed cybercriminals to infiltrate KiranaPro’s core systems, escalating privileges to the highest administrative levels.
This form of insider threat—whether malicious or accidental—is increasingly recognized as one of the most dangerous vulnerabilities in modern IT systems. Cybersecurity experts often emphasize the importance of timely deactivation of access privileges for former employees, and this incident serves as a stark reminder of that need.
Extent of the Damage
The attackers reportedly erased essential data from KiranaPro’s servers, including proprietary application code that powers its commerce platform. This could potentially disrupt the company’s service operations and delay recovery efforts. More alarmingly, the breach has led to the exposure of personally identifiable information (PII) of users, which could include sensitive payment and identity details.
This data leak raises significant concerns around user privacy, data protection compliance, and financial fraud. Affected users may now be at risk of identity theft, phishing attacks, or unauthorized transactions if their information is misused.
Company’s Response and Next Steps
KiranaPro has not yet released a detailed public statement outlining the full impact or offering guidance for affected users. However, sources suggest that the company has mobilized internal security teams and is likely working with cybersecurity experts and cloud service providers to assess the damage and contain further risks.
The incident may also prompt investigations by regulatory authorities under India’s evolving data protection laws, especially if any negligence in securing user data is found. KiranaPro will need to ensure full transparency, quick action, and enhanced security protocols to regain user trust and prevent similar breaches in the future.
Leave a comment