Indian Grocery Startup KiranaPro Hacked: Servers Deleted and Customer Data Compromised

Introduction

In a shocking cybersecurity incident, Indian grocery delivery startup KiranaPro was hit by a devastating hack in May 2025. The attack resulted in the complete deletion of its servers, app code, and the loss of sensitive customer data. The incident has brought to light the critical importance of robust cybersecurity measures for startups operating in India’s rapidly growing digital commerce sector.

Curious to learn more? Contact us at info@adaptive.live

What Happened in the KiranaPro Hack?

KiranaPro, a fast-growing voice-enabled grocery ordering app operating on the Open Network for Digital Commerce (ONDC), experienced a major security breach on May 26, 2025. The attackers gained unauthorized access to both the company’s Amazon Web Services (AWS) and GitHub accounts. Despite using multi-factor authentication (MFA), the hackers managed to delete all server instances, crippling the app’s operations.

How Did the Attack Occur?

Initial investigations suggest the breach was facilitated through compromised credentials, possibly from a former employee who failed to surrender their access upon leaving the company. This highlights the persistent threat of credential theft and the need for stringent offboarding procedures in tech startups.

Impact on Customers and Operations

The KiranaPro hack affected over 55,000 customers across 50 cities in India. Personal information—including names, addresses, and payment details—may have been exposed. The breach forced KiranaPro to suspend its services, impacting its ambitious expansion plans across the country.

How Adaptive can Help Prevent Cyberattacks

With cyberattacks on the rise, platforms like Adaptive are becoming essential for enterprises looking to secure their digital infrastructure. Here’s how adaptive.live could have made a difference in a scenario like KiranaPro’s:

1. Automated Credential Management and Offboarding

Adaptive offers automated user provisioning and deprovisioning across cloud platforms like AWS and GitHub. This ensures that when an employee leaves, their access is immediately revoked, minimizing the risk of unauthorized access through forgotten or lingering credentials.

2. Continuous Security Monitoring

With real-time monitoring and anomaly detection, Adaptive alerts teams to suspicious activity—such as unusual login locations, privilege escalations, or mass deletions—allowing rapid intervention before major damage occurs.

3. Incident Response Automation

Adaptive enables automated workflows to respond to potential breaches, such as isolating compromised accounts, revoking access, and locking down affected resources. This drastically reduces response time and limits the impact of attacks.

4. Comprehensive Audit Trails

Every action across cloud accounts is logged and easily accessible, supporting forensic investigations and regulatory compliance after an incident.

5. Zero Trust Security Framework

Adaptive helps implement a zero trust approach, ensuring that users only have the minimum permissions necessary to perform their roles, and that access is continuously verified.

In summary: By integrating Adaptive, orgs can proactively safeguard their infrastructure, detect threats early, and respond to incidents quickly—helping to avoid business disruptions and protect customer trust.

KiranaPro’s Response

KiranaPro is actively working with GitHub to trace the hackers and has initiated legal action against ex-employees suspected of involvement. The company is also urging customers to monitor their financial accounts and be cautious of potential phishing scams.

Lessons for Organizations: The Importance of Cybersecurity

This incident serves as a wake-up call for all organizations in India’s digital ecosystem. Cybersecurity must be a top priority, with regular security audits, strict access controls, and comprehensive offboarding protocols to prevent similar breaches.

Protect Your Organization: Get Started with Adaptive

The KiranaPro data breach is a stark reminder of the vulnerabilities faced by digital-first companies. As Indian organizations continue to scale and innovate, investing in proactive cybersecurity solutions like adaptive.live is not optional—it’s essential for business survival and customer trust.

Want to secure your organization from cyberattacks? Contact us at info@adaptive.live today to schedule a free security assessment and see how automation can protect your business.