After its data was wiped, KiranaPro's co-founder cannot rule out an external hack

Indian grocery delivery startup KiranaPro's recent data loss story has more holes than Swiss cheese, as the startup remains unclear whether the incident was an internal breach or an external hack.
Last week, the Bengaluru-based startup discovered that it could not access its back-end servers and that all its data, including its app code, had been deleted from GitHub. The startup on Friday blamed a former employee for the breach. However, in an interview, KiranaPro co-founder and CEO Deepak Ravindran conceded that the company had not deactivated the employee's account after they departed the company and cannot rule out the possibility of subsequent malicious misuse of their account.
'If we go deeper, we have to do a real forensic investigation. We are going to talk [about] this with our board, the investors, and we are going to get a formal opinion on that also with our legal advisers,' Ravindran told TechCrunch.
Earlier on Friday, Ravindran claimed in a post on X that the incident that affected its data was an internal breach.
'After careful investigation, we conclude that this was not a hack. No external party penetrated our ordering or payment systems, exploited vulnerabilities, or bypassed security protocols,' he wrote.
The co-founder also explicitly shared a screenshot of a LinkedIn profile of one of KiranaPro's former employees on X on Thursday, alleging that they had deleted the startup's code. (TechCrunch is not sharing the post's link, as the startup has yet to offer concrete proof supporting its position.)
'[T]his was an internal data breach. Specifically, it was the result of actions taken by a trusted internal employee who had legitimate access to our systems,' the co-founder wrote in his post on Friday. 'This individual intentionally deleted critical server logs while they were being tested and/or edited, an action that goes directly against our policies, our principles, and the trust we place in our team.'
When TechCrunch asked if KiranaPro could rule out whether any third party had maliciously gained access to the former employee's account, Ravindran could not.
'We have to do a complete forensic check on the company. We have to do the entire IP scan. We have to look at where the tracks happened. We have to check the computers, MacBooks, and whatever is used. Everything has to be done. Then we have to spend money … so, that's why we decided not to,' he told TechCrunch.
Then what was the basis of Ravindran's allegation? It was a GitHub response, a copy of which he shared with TechCrunch.
The response included a username, which Ravindran said was associated with the former employee.
'All we have is the emails that we got from GitHub, stating that [the former employee's username] as an individual is the one who deleted the account. We haven't done the investigation further,' Ravindran told TechCrunch.
Former employee's account was never offboarded
Launched in late 2024, KiranaPro operates as a buyer app on the Indian government's Open Network for Digital Commerce. The startup allows more than 55,000 customers in 50 cities to purchase groceries from their local shops and nearby supermarkets using its voice-based interface. The company also supports local language inputs, including English, Hindi, Malayalam, and Tamil.
Ravindran stated that they decided to call out the former employee based on the company's 'belief system,' as they claim the former employee deleted the data after their sudden termination.
However, the startup said it is not aware if there were enough protections on the former employee's devices, such as multi-factor authentication, to restrict malicious third-party access, like malware.
The company confirmed it did not remove the employee's access to its data and GitHub account following his departure.
'Employee offboarding was not being handled properly because there was no full-time HR,' KiranaPro's chief technology officer, Saurav Kumar, confirmed to TechCrunch.
Company restores AWS account and GitHub data
Alongside its code saved in GitHub, KiranaPro also lost access to its Amazon Web Services (AWS) account, which included its customer data and their transaction details.
Ravindran told TechCrunch that the GitHub data was restored after getting its backup from one of their employees. The startup also regained access to its AWS account along with its customer data.
Both the co-founder and CTO said the AWS account was protected by multi-factor authentication, but neither could say how the account was accessed, as nobody else had physical access to Ravindran's phone, which generates the multi-factor code.
Nonetheless, Ravindran claimed that the customer data stored in the AWS cloud remained intact and was not accessed by any third parties, nor was it downloaded by the former employee in question.
'Because if that is the case, I will get its notification on email or anything [sic],' he said.
That said, Ravindran stated that the startup has enough evidence to file a formal complaint with the police, but said that its investigation is ongoing.
The startup has also not fully paid its current employees, the company's co-founder confirmed, soon after the company raised a seed round of ₹100 million Indian rupees (about $1.2 million), which Ravindran said has yet to be fully wired.
The startup counts Blume Ventures, Unpopular Ventures, and Turbostart among its institutional venture backers, as well as Olympic medalist PV Sindhu and Boston Consulting Group managing director Vikas Taneja among its angel investors. It has 15 employees located in Bengaluru and Kerala.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Yahoo

13 minutes ago

• Yahoo

Does The Market Have A Low Tolerance For GreenTree Hospitality Group Ltd.'s (NYSE:GHG) Mixed Fundamentals?

It is hard to get excited after looking at GreenTree Hospitality Group's (NYSE:GHG) recent performance, when its stock has declined 18% over the past three months. We, however decided to study the company's financials to determine if they have got anything to do with the price decline. Stock prices are usually driven by a company's financial performance over the long term, and therefore we decided to pay more attention to the company's financial performance. Specifically, we decided to study GreenTree Hospitality Group's ROE in this article. Return on equity or ROE is an important factor to be considered by a shareholder because it tells them how effectively their capital is being reinvested. In other words, it is a profitability ratio which measures the rate of return on the capital provided by the company's shareholders. This technology could replace computers: discover the 20 stocks are working to make quantum computing a reality. Return on equity can be calculated by using the formula: Return on Equity = Net Profit (from continuing operations) ÷ Shareholders' Equity So, based on the above formula, the ROE for GreenTree Hospitality Group is: 7.2% = CN¥107m ÷ CN¥1.5b (Based on the trailing twelve months to December 2024). The 'return' is the amount earned after tax over the last twelve months. So, this means that for every $1 of its shareholder's investments, the company generates a profit of $0.07. See our latest analysis for GreenTree Hospitality Group We have already established that ROE serves as an efficient profit-generating gauge for a company's future earnings. We now need to evaluate how much profit the company reinvests or "retains" for future growth which then gives us an idea about the growth potential of the company. Generally speaking, other things being equal, firms with a high return on equity and profit retention, have a higher growth rate than firms that don't share these attributes. On the face of it, GreenTree Hospitality Group's ROE is not much to talk about. Next, when compared to the average industry ROE of 19%, the company's ROE leaves us feeling even less enthusiastic. For this reason, GreenTree Hospitality Group's five year net income decline of 16% is not surprising given its lower ROE. We reckon that there could also be other factors at play here. Such as - low earnings retention or poor allocation of capital. That being said, we compared GreenTree Hospitality Group's performance with the industry and were concerned when we found that while the company has shrunk its earnings, the industry has grown its earnings at a rate of 33% in the same 5-year period. Earnings growth is a huge factor in stock valuation. What investors need to determine next is if the expected earnings growth, or the lack of it, is already built into the share price. This then helps them determine if the stock is placed for a bright or bleak future. Is GreenTree Hospitality Group fairly valued compared to other companies? These 3 valuation measures might help you decide. In spite of a normal three-year median payout ratio of 27% (that is, a retention ratio of 73%), the fact that GreenTree Hospitality Group's earnings have shrunk is quite puzzling. So there could be some other explanations in that regard. For instance, the company's business may be deteriorating. Moreover, GreenTree Hospitality Group has been paying dividends for six years, which is a considerable amount of time, suggesting that management must have perceived that the shareholders prefer consistent dividends even though earnings have been shrinking. Overall, we have mixed feelings about GreenTree Hospitality Group. Even though it appears to be retaining most of its profits, given the low ROE, investors may not be benefitting from all that reinvestment after all. The low earnings growth suggests our theory correct. Wrapping up, we would proceed with caution with this company and one way of doing that would be to look at the risk profile of the business. Our risks dashboard would have the 4 risks we have identified for GreenTree Hospitality Group. — Investing narratives with Fair Values Vita Life Sciences Set for a 12.72% Revenue Growth While Tackling Operational Challenges By Robbo – Community Contributor Fair Value Estimated: A$2.42 · 0.1% Overvalued Vossloh rides a €500 billion wave to boost growth and earnings in the next decade By Chris1 – Community Contributor Fair Value Estimated: €78.41 · 0.1% Overvalued Intuitive Surgical Will Transform Healthcare with 12% Revenue Growth By Unike – Community Contributor Fair Value Estimated: $325.55 · 0.6% Undervalued View more featured narratives — Have feedback on this article? Concerned about the content? Get in touch with us directly. Alternatively, email editorial-team (at) article by Simply Wall St is general in nature. We provide commentary based on historical data and analyst forecasts only using an unbiased methodology and our articles are not intended to be financial advice. It does not constitute a recommendation to buy or sell any stock, and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Simply Wall St has no position in any stocks mentioned. Error while retrieving data Sign in to access your portfolio Error while retrieving data Error while retrieving data Error while retrieving data Error while retrieving data

Yahoo

an hour ago

• Yahoo

2 days left to save up to $210 on your TechCrunch All Stage pass

Time is almost up! Regular bird pricing for TechCrunch All Stage ends this Sunday, June 22, at 11:59 p.m. PT. That means you have just 2 days left to lock in savings of up to $210 on your ticket to one of the ultimate founder events of the summer. TC All Stage lands in Boston at SoWa Power Station on July 15 for one action-packed day built for founders, investors, and startup operators who want more than surface-level inspiration. Expect tactical sessions, real conversations, and curated connections — all under one roof. If you're a founder, investor, or startup operator, this is your moment to get in the room. Secure your pass now and save up to $210. At TC All Stage, we're not interested in vague predictions or padded panels. We're focused on what's actually working right now — and who's making it happen. Visit the TC All Stage agenda page to see the full lineup of roundtables and sessions, but in the meantime, you can expect sessions like these: We're bringing in the founders, investors, and operators with firsthand insight on what it takes to build and scale today. Some of the speakers you'll hear from include: Throughout the day, you'll dive into expert-led roundtables, founder-focused breakouts, and high-energy networking. Test your pitch in front of investors during networking meetings, or see how yours stacks up while watching startups compete in the 'So You Think You Can Pitch' showdown. Then, close out the day with curated Side Events across Boston — from happy hours to VIP meetups. Don't miss your chance to connect, grow, and scale at TC All Stage. Prices jump in just 2 days — Sunday, June 22, at 11:59 p.m. PT. Save up to $210 and get your ticket now. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data

Gizmodo

an hour ago

• Gizmodo

What We Know So Far About the Supposed ‘Mother of All Data Breaches'

Data breaches are so common these days that, when a new one gets announced, most web users can do little more than yawn and mutter something like 'Yeah, no shit' before scrolling up to the next story in their newsfeed. This week, however, a breach was announced that was allegedly so earth-shatteringly huge that it managed to break through the internet's wall of collective cynicism. Dubbed the 'Mother of All Data Breaches,' the breach is said to involve some 16 billion user credentials, and impact a vast number of accounts on platforms like Facebook, Google, and Apple. The breach was initially reported by Cyber News, a site that focuses on web security, and was written by the site's deputy editor and researcher, Vilius Petkauskas. The story, published Wednesday, claims that the breach represents 'one of the largest data breaches in history.' Petkauskas's article describes the discovered breach as 'a plethora of supermassive datasets, housing billions upon billions of login credentials' that have been sourced from 'social media and corporate platforms to VPNs and developer portals.' This data is sourced from '30 exposed datasets' that researchers say contains 'tens of millions to over 3.5 billion records each.' Researchers say they were able to discover the exposed datasets due to insecure online protections, though they say the exposure was too short-lived for them to figure out who was 'controlling' the data. 'This is not just a leak – it's a blueprint for mass exploitation,' said researchers interviewed by the site. 'With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.' Cyber News's story was picked up by a number of mainstream outlets, including Forbes and Axios. However, no sooner had the news begun to circulate the internet than security professionals began to call the article's claims into question. According to critics, Cyber News isn't wrong per se about the number of credentials that have been exposed—and that's horrifying enough news on its own. However, some watchers maintain that this isn't a new breach (nor is it really a breach in the traditional sense), it's just data from a bunch of old breaches that have been stapled together and posted online. 'To be clear, this is not a new data breach, or a breach at all, and the websites involved were not recently compromised to steal these credentials,' writes Bleeping Computer. Meanwhile, vx-underground, an informational website that posts about malware samples found around the web, tweeted about the story, characterizing it as a 'fear mongering 16,000,000,000 password repackage password leak thingy which scared the normies and spread misinformation.' Unfortunately, large breaches happen all the time and, due to the way that the cybercriminal underworld is structured around the sharing of stolen data, data from many of these breaches is traded and re-traded across websites. Sometimes, collectors of that information will compile very large dossiers of those breaches and post it as something new—which is what researchers are claiming happened here. That said, Cyber News's story seems to contradict the claims being made by security researchers somewhat. It says that the data that has been uncovered is 'recent' and 'not merely recycled from old breaches.' The Cyber News story also now includes a disclaimer that says: 'This story, based on unique Cybernews findings and originally published on the website on June 18, is constantly being updated with clarifications and additional information in response to public discourse.' Gizmodo reached out to Cyber News for comment. The breach is still interesting for how it highlights the danger of one particular tool in the dark web cretin's toolkit, which is a malware appropriately known as the 'infostealer.' The infostealer—just as it sounds—is software that, once having infected a device, will suck out login credentials that have been saved in the computer's browser. A very effective tool, cybercriminals can use the automated tools to swiftly compile large lists of personal information that can be used for compromise operations down the road. Regardless of whether this involves freshly leaked credentials or not, it might be a good time to freshen up your logins. Hackers' jobs are getting easier by the day.