KiranaPro Cyberattack Destroys Entire Infrastructure, Exposes Insider Threat Risks

• KiranaPro suffered a security breach that deleted all EC2 services and destroyed repositories due to a malicious insider.
• Both the company’s root AWS and GitHub accounts were compromised, exposing customer names, addresses, and more.
• The attack was targeted and personal, reportedly aided by credential theft involving a former employee’s access. 

Indian grocery delivery platform KiranaPro has suffered a catastrophic cyberattack, leading to the destruction of its core infrastructure. On May 24-25, attackers gained unauthorized access to KiranaPro's GitHub repositories and AWS root accounts, wiping all app code, customer data, and server resources. 

The data breach has rendered the app inoperable, impacting over 30,000 active buyers and 2,000 daily orders, and endangering the livelihoods of thousands of Kirana store owners across 50 cities.

KiranaPro CEO Deepak Ravindran has publicly attributed the incident to a targeted, deliberate attack by a "malicious insider," potentially a disgruntled former employee. 

@githubsecurity @awscloud We request immediate forensic support to trace and recover what we can. This was not an accident—our logs indicate coordinated deletion with intent to destroy. KiranaPro powers the livelihoods of thousands of kirana store owners. This breach impacts real…

— Deepak Ravindran 🇮🇳 (@deepakravindran) June 3, 2025

Company executives became aware of the breach when they were unable to access AWS services. The root account’s multi-factor authentication (MFA) appeared compromised, and key EC2 instances were missing. 

Despite using MFA via Google Authenticator, the attackers were able to reset authentication codes and escalate privileges. 

According to CTO Saurav Kumar, the attackers leveraged privileged credentials, likely retained via unrevoked former employee accounts. Once inside, attackers systematically deleted repositories and infrastructure.

The attack also exposed sensitive customer data, including names, addresses, and payment information. KiranaPro has contacted GitHub support for forensic assistance and initiated legal proceedings against ex-employees suspected of retaining unauthorized access.

Investigations are ongoing, with legal action taken against ex-employees and an effort underway to rebuild systems with improved security controls.