Quick Commerce Startup KiranaPro App Suffers Major Cyber Attack, Source Code Wiped Out

Three points you will get to know in this article:

  1. The “destroyed data” comprised the app code of the company and user information such as names, mailing addresses, and payment details stored on its servers.
  2. On May 26, KiranaPro executives discovered the incident while logging into their Amazon Web Services account. They noted that hackers had gained access to KiranaPro’s root accounts on both AWS and GitHub.
  3. KiranaPro, established in 2024, is a quick commerce platform that collaborates with local retailers and kirana stores to provide grocery deliveries within 10-20 minutes.

Hackers Breach KiranaPro’s Root Accounts on AWS and GitHub

The quick commerce platform KiranaPro has allegedly been compromised, affecting all its data and sensitive user information.

KiranaPro, established in 2024 by Ravindran and Deepankar Sarkar, is a quick commerce platform that collaborates with local retailers and kirana stores to provide grocery deliveries within 10-20 minutes. With the aid of its voice-oriented AI model, it links customers to their local kirana shops through the ONDC network.

The startup, supported by TurboStart, Unpopular Ventures, Blume Ventures, and Snow Leopard Ventures, has secured over $188K in funding so far.

Deepak Ravindran, the CEO and cofounder of KiranaPro, informed TechCrunch that the “destroyed data” encompassed the app code and user information—such as names, mailing addresses, and payment details—stored on the company’s servers.

KiranaPro’s app may be online, but the platform isn’t processing orders.

The incident was revealed on May 26 when executives from KiranaPro allegedly observed, while trying to log into their Amazon Web Services account, that hackers had accessed KiranaPro’s root accounts on both AWS and GitHub.

Former Employee Account May Have Enabled the Attack

The report indicates that the platform was targeted after an individual accessed the startup’s systems using an account belonging to a former employee.  According to reports, Saurav Kumar, the chief technology officer (CTO) at KiranaPro, stated that the attack probably occurred between May 24 and May 25.

Kumar reportedly stated that while the company utilized Google Authenticator for multi-factor authentication on its AWS account, the authentication code had changed when executives tried to log in last week.

After logging in, KiranaPro employees discovered that all their Elastic Compute Cloud (EC2) services, which allow clients to access virtual machines for running their applications, had been removed.

KiranaPro Seeks Support from GitHub and Plans Legal Action

“The only way we can log in is via the IAM [identity and access management] account. Through this, we can see that the EC2 instances are no longer present, but we cannot obtain any logs or other information because we lack access to the root account,” Kumar reportedly added.

In the meantime, reports indicate that the company has contacted GitHub’s support team for assistance in identifying the hacker’s IP addresses.  Ravindran is said to have stated that the startup is working on filing cases against ex-employees who “did not provide their credentials for accessing their GitHub accounts to check their logs.”

It is still unclear precisely how the cyberattack occurred.

The company told the media earlier this year that it aimed to bring 100 million users and at least 1 million kirana stores onto its platform.

SA Team
