Overview

• The breach occurred May 24–25 when attackers used a former employee’s credentials to wipe AWS EC2 instances and GitHub repositories, and was uncovered on May 26.
• All app code and sensitive customer data—including names, addresses and payment details—were deleted, rendering the platform live but unable to process orders.
• KiranaPro’s inoperable app has paused partnerships worth Rs 5 crore, and the startup is losing about 2,000 daily orders and 100,000 download requests.
• The company has filed cases against former employees suspected of withholding their GitHub credentials and has enlisted GitHub support to trace the intruder’s IP addresses.
• CEO Deepak Ravindran calls the incident a deliberate, personal attack and says KiranaPro is rebuilding its infrastructure with advanced security measures.