Article Details

‘Deliberate attack’ deletes shopping app’s AWS and GitHub resources. CEO of India's KiranaPro, which brings convenience stores online, vows to name the perp. The CEO of Indian grocery ordering app KiranaPro has claimed an attacker deleted its GitHub and AWS resources in a targeted and deliberate attack and vowed to name the perpetrator. KiranaPro lets users shop at “Kiranas,” the Indian equivalent of convenience stores, which mostly stock basic foodstuffs. Users of the app place an order, which KiranaPro sends to nearby Kiranas who bid to win the sale. The winner arranges delivery of the goods. The elapsed time from ordering to delivery seldom tops 20 minutes. KiranaPro CEO Deepak Ravindran claims the app “powers the livelihoods of thousands of Kirana store owners” and handles 2,000-plus orders each day. Ravindran also claims the app was destroyed by someone who holds a grudge. “Our startup @Kirana_Pro was deliberately hacked—entire GitHub repo & AWS data wiped. Logs suggest malicious insider action,” he wrote on June 3rd. The attack happened last week, and the app has been inoperable since. On Wednesday, Ravindran described the incident as “a targeted cyberattack.” “It wasn’t random. It wasn’t opportunistic. It was deliberate. And it was personal,” he wrote. “Our servers were breached, critical infrastructure was deleted, and sensitive customer data was compromised. The attack was a calculated attempt to undermine our mission and the community we serve.” “We are rebuilding our systems with enhanced security measures to prevent future incidents,” he added. Ravindran later promised he would expose the hacker on Wednesday. The quotes above come from the CEO’s @deepakravindran account on X, so if you fancy reading his possibly defamatory revelation that may well be the place to find it! If the culprit was, as Ravindran alleges, a malicious insider, the incident highlights the difficulty of defending against attackers who enjoy privileged access to systems and infrastructure. It also suggests KiranaPro may not have adopted best practices, such as keeping backups outside the cloud, or using AWS’s settings to require two authorizations before deleting resources. Or perhaps KiranaPro did take such precautions, in which case it’s facing multiple foes.