Grocery startup KiranaPro CEO gives an update on how company's servers were deleted: It was not hacking but ...
KiranaPro, a grocery delivering startup was recently hit by a sever cyberattack in which led to the complete deletion of its servers. Now, the company CEO
Deepak Ravindran
has confirmed that recent data wipeout was not the result of any external cyberattack, but rather an internal breach caused by a former employee. Ravindran posted on social media platform X (formerly known as Twitter) about the indecent. In post, he wrote that the company initially suspected hacking but later discovered that a trusted internal employee was responsible for deleting critical server logs. Despite the setback,
KiranaPro
assured that customer data remains intact, and the company is working to restore its services. The startup has also strengthened security measures, including revamping access controls and improving audit logging, to prevent similar incidents in the future.
KiranaPro's complete data deleted: Here's what happened
KiranaPro lost access to its backend servers and app source code, leading to disruptions in its operations. Initially, the company feared a targeted cyberattack, but an internal investigation revealed that the data deletion was intentional and carried out by an ex-employee with legitimate system access.
The startup, which operates on the Indian government's Open Network for Digital Commerce (ONDC), had been serving 55,000 customers across 50 cities, facilitating 2,000 orders daily.
KiranaPro CEO Deepak Ravindran on how company's servers were deleted
Ravindran explained that the individual behind the breach had worked with him previously and was part of the company's product team. The employee's role was terminated due to internal restructuring, and shortly after, the server logs were wiped.
"This was not a hack. No external party exploited vulnerabilities or bypassed security protocols. Instead, it was an
internal data breach
by someone who had legitimate access to our systems," Ravindran stated
Read KiranaPro CEO Deepak Ravindran complete post here
Clarifying the Recent Incident at
@kirana_pro
In light of recent events affecting our infrastructure, I want to take a moment to provide clarity and transparency regarding what occurred, the last few days have been hectic and stressful and firstly I would thank you for your support during such trying times.
Here is a snapshot of what happened and what did not.
After careful investigation, we conclude that this was not a hack. No external party penetrated our ordering or payment systems, exploited vulnerabilities, or bypassed security protocols. Our external security posture remains intact, and there is no evidence of any unauthorized access from outside the organization. All customer data stays intact.
Instead, this was an internal data breach. Specifically, it was the result of actions taken by a trusted internal employee who had legitimate access to our systems. This individual intentionally deleted critical server logs while they were being tested and/or edited, an action that goes directly against our policies, our principles, and the trust we place in our team.
Why the Distinction Matters
Understanding the nature of this incident is important:
A hack implies that a system was compromised from the outside. Typically due to security flaws or insufficient safeguards, which could place customers and stakeholders at broader risk.
An internal breach, however, involves someone with authorized access misusing their privileges. This represents a very different type of threat: one rooted in internal trust and the perpetrators need for vengeance, rather than technical system vulnerability.
What We're Doing
We are taking this breach extremely seriously and have already taken the following steps:
•Internal teams are working hard to bring the KiranaPro app back up live.
•Initiated a full forensic review to determine the complete scope and impact of the data deletion.
•Strengthened access controls and improved audit logging to prevent similar incidents in the future.
•Reinforced internal policies and implemented additional training around data governance and privileged access, restructed MFA for all parties working on the server and implemented a One-to-One Entry Log to the databases as we rebuild what we lost during this attack.
•Pursuing appropriate disciplinary and legal action against the individual responsible, in line with the severity of the breach.
I fully understand the concern this incident may cause. As the founder, I want to reiterate our commitment to protecting our systems and data not only from external threats but from internal misuse as well.
An attack of this kind is not an attack on outcomes, It is an attack on trust and the covenant we share with our employees, The next few months will see us come back, with learnings from this experience with stronger controls and systems in place.
Looking forward to your continued support.
AI Masterclass for Students. Upskill Young Ones Today!– Join Now
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
India Today
an hour ago
- India Today
Crippled by Op Sindoor strikes, Pak eyeing Germany for air defence upgrades
Rattled by the devastating impact of BrahMos missile strikes during India's Operation Sindoor, Pakistan is now exploring the procurement of a new air defence system to counter future to sources, Islamabad is actively considering the purchase of the IRIS-T SLM air defence system from Germany in a bid to strengthen its aerial shield against India's supersonic cruise missiles, particularly the move comes after Pakistan's existing Chinese-origin air defence systems, including the HQ-9 and HQ-16, failed to detect or intercept Indian missile attacks during the operation. In contrast, the IRIS-T SLM system has demonstrated significant effectiveness in recent combat situations. In Ukraine, where several units were redirected from Egypt due to the ongoing war, the German-made system has reportedly shot down over 60 aerial targets since its deployment last it was said to have successfully intercepted Russian Oniks missiles, which are similar in profile to India's by Diehl Defence, the IRIS-T SLM is known for its modular and compact architecture. Each unit, estimated to cost around USD 200 million, includes radar, an operations centre, and launchers, all mounted on a 20-foot interest in the system highlights its urgent push to rebuild and upgrade its air defence network, particularly after key air bases were damaged by Indian missiles during Operation grappling with a severe economic crisis, Pakistan has raised its defence budget by 18 per cent this year while simultaneously scrapping domestic development projects valued at 1,000 billion Pakistani the past month, the country has secured financial assistance totalling USD 1.8 billion from the International Monetary Fund (IMF) and the Asian Development Bank (ADB) to address its fiscal Germany's Diehl Defence, the maker of the IRIS-T SLM, is also involved in a major Indian defence initiative. The company is collaborating with Thyssenkrupp Marine Systems on Project 75I, a Rs 70,000 crore programme to build six submarines for the Indian Indian-German collaboration also includes the development of the Interactive Defence and Attack System (IDAS), which will be integrated into the India's Reliance Defence has announced a partnership to manufacture Vulcano 155mm precision-guided artillery shells domestically. The initiative is expected to generate revenues of approximately Rs 10,000 crore, with over 50 per cent of the components to be produced indigenously.
India.com
an hour ago
- India.com
India Won Operation Sindoor – But What Does The Army Want Next, And Who Poses The Greatest Threat?
New Delhi: India crushed Pakistan's assault during Operation Sindoor. But after the dust settled, something more alarming came into view. China was not sitting on the sidelines. It was pulling strings from behind the curtain. Indian radars picked up Chinese-made jets in Pakistani skies. Chinese missiles were used to target Indian bases. Beijing was deeply involved. That means India was not fighting just Pakistan. India was up against two enemies at once. Military officers have sounded the alarm. They want India's defence budget raised to 2.5% of the Gross Domestic Product (GDP). Right now, the defence allocation stands at just 1.9%. A huge portion of that money goes into salaries and pensions. Only a quarter of it helps modernise the military. This cannot continue. Not when two hostile neighbours are preparing for something bigger. China has been pumping weapons into Pakistan. In the May 7-10 clashes, Pakistan deployed Chinese J-10 jets and HQ-9 missile systems. Beijing has promised to send more – stealth fighters, long-range air defence weapons and new-generation drones. China is flooding Pakistan with cutting-edge military tools. Pakistan's economy is in crisis. But even then, Islamabad raised its defence budget by 20%. It cut development. It ignored debt. It focused on weapons. India must respond, believe experts, arguing that it is time for total self-reliance in defence production. India must build fighter jets, drones, loitering munitions and missiles on its own. The private sector must step in. Half-measures will not do. Half-prepared armies lose wars. India's Advanced Medium Combat Aircraft (AMCA) project has started moving. But it must move faster. Tejas took decades. The same mistake cannot happen again. The Indian Air Force is short on fighter squadrons. It has just 30. The target is 42.5. Drones are the new face of war. Swarm drones. FPV kamikaze drones. Loitering drones. India needs all of these, and it needs them in bulk. No country will come to India's rescue in a full-scale war. India must stand on its own. During Operation Sindoor, India used Russian S-400s, Israeli Barak-8s and its own Akash missiles. These systems intercepted and neautralised many Pakistani drone and missile attacks. But more layers are needed. DRDO must now accelerate two things – short-range air defence systems and long-range strike missiles like Project Kusha. Military reform is also crucial. India has a huge army. It must cut unnecessary spending. It must remove red tape from weapons procurement. And it must create joint theatre commands that allow the Army, Navy and Air Force to fight as one. A senior military commander put it bluntly. India is now staring at a superpower that is feeding a hostile neighbour. Pakistan may fire the bullets. But China is loading the gun. India cannot look away anymore. The next battle may not wait for long.
Time of India
an hour ago
- Time of India
Financial sector regulators to work on universal KYC
Financial sector regulators, led by the RBI, are developing a universal KYC framework with the CKYCR to streamline verification processes. Nirmala Sitharaman urged regulators to ensure seamless KYC experiences for citizens and expedite refunds of unclaimed amounts through district-level camps. The FSDC also discussed strengthening cybersecurity and implementing budget announcements related to KYC simplification for NRIs, PIOs, and OCIs. Tired of too many ads? Remove Ads Tired of too many ads? Remove Ads New Delhi: Financial sector regulators, including the Reserve Bank of India , will look at a universal know your customer (KYC) framework and develop systems with the Central Know Your Customer Registry (CKYCR) to promote the inter-usability of records and avoid multiple minister Nirmala Sitharaman in a meeting of the Financial Stability and Development Council (FSDC) in Mumbai on Tuesday urged the financial sector regulators to take proactive steps to ensure that citizens have a seamless experience with the KYC processes across the financial a statement, the finance ministry said the FSDC also considered strengthening the cyber resilience framework of the Indian financial sector through a financial sector-specific cybersecurity FSDC also discussed issues relating to formulating a strategy for implementing the past decisions and the budget announcements, which included prescribing common KYC norms, simplification and digitalisation of the KYC process, including digital onboarding for non-resident Indians (NRIs), PIOs and OCIs in the Indian securities FSDC has representation from the Reserve Bank of India (RBI), the Insurance Regulatory and Development Authority of India (Irdai), the Securities and Exchange Board of India (Sebi), the Pension Fund Regulatory and Development Authority (PFRDA) and officials from the finance and corporate affairs urged the regulators and departments to expedite the process of refund to rightful owners of unclaimed amounts by holding special district-level also emphasised that interest of common citizens be kept in mind and therefore expeditiously refund the claims of the rightful claimants, the statement unclaimed amounts comprise deposits in banks, unclaimed shares and dividends managed by IEPFA and unclaimed insurance and pension funds with Irdai and PFRDA, drive is to be conducted in coordination with RBI, Sebi, MCA, PFRDA and Irdai along with banks, pension agencies and insurance finance ministry statement noted that the FSDC also deliberated on the emerging trends from the domestic and global macro-financial situation and stressed the need to be vigilant."The council recognised the need for proactive efforts to mitigate potential risks to financial stability while adopting adequate safeguards for the financial system's resilience," it said.
