Latest news with #DeepakRavindran


Time of India
09-06-2025
- Business
- Time of India
Grocery startup KiranaPro CEO gives an update on how company's servers were deleted: It was not hacking but ...
KiranaPro, a grocery delivery startup, was recently hit by a severe cyberattack that led to the complete deletion of its servers. Now, company CEO Deepak Ravindran has confirmed that the recent data wipeout was not the result of any external cyberattack, but rather an internal breach caused by a former employee. Ravindran posted on social media platform X (formerly known as Twitter) about the incident. In the post, he wrote that the company initially suspected hacking but later discovered that a trusted internal employee was responsible for deleting critical server logs. Despite the setback, KiranaPro assured that customer data remains intact, and the company is working to restore its services. The startup has also strengthened security measures, including revamping access controls and improving audit logging, to prevent similar incidents in the future.
KiranaPro's complete data deleted: Here's what happened
KiranaPro lost access to its backend servers and app source code, leading to disruptions in its operations. Initially, the company feared a targeted cyberattack, but an internal investigation revealed that the data deletion was intentional and carried out by an ex-employee with legitimate system access. The startup, which operates on the Indian government's Open Network for Digital Commerce (ONDC), had been serving 55,000 customers across 50 cities, facilitating 2,000 orders daily.
KiranaPro CEO Deepak Ravindran on how company's servers were deleted
Ravindran explained that the individual behind the breach had worked with him previously and was part of the company's product team. The employee's role was terminated due to internal restructuring, and shortly after, the server logs were wiped. "This was not a hack. No external party exploited vulnerabilities or bypassed security protocols. Instead, it was an internal data breach by someone who had legitimate access to our systems," Ravindran stated.
Read KiranaPro CEO Deepak Ravindran's complete post here
Clarifying the Recent Incident at @kirana_pro
In light of recent events affecting our infrastructure, I want to take a moment to provide clarity and transparency regarding what occurred. The last few days have been hectic and stressful, and firstly I would thank you for your support during such trying times. Here is a snapshot of what happened and what did not. After careful investigation, we conclude that this was not a hack. No external party penetrated our ordering or payment systems, exploited vulnerabilities, or bypassed security protocols. Our external security posture remains intact, and there is no evidence of any unauthorized access from outside the organization. All customer data stays intact. Instead, this was an internal data breach. Specifically, it was the result of actions taken by a trusted internal employee who had legitimate access to our systems. This individual intentionally deleted critical server logs while they were being tested and/or edited, an action that goes directly against our policies, our principles, and the trust we place in our team.
Why the Distinction Matters
Understanding the nature of this incident is important: A hack implies that a system was compromised from the outside, typically due to security flaws or insufficient safeguards, which could place customers and stakeholders at broader risk. An internal breach, however, involves someone with authorized access misusing their privileges. This represents a very different type of threat: one rooted in internal trust and the perpetrator's need for vengeance, rather than technical system vulnerability.
What We're Doing
We are taking this breach extremely seriously and have already taken the following steps:
• Internal teams are working hard to bring the KiranaPro app back up live.
• Initiated a full forensic review to determine the complete scope and impact of the data deletion.
• Strengthened access controls and improved audit logging to prevent similar incidents in the future.
• Reinforced internal policies and implemented additional training around data governance and privileged access, restructured MFA for all parties working on the server and implemented a One-to-One Entry Log to the databases as we rebuild what we lost during this attack.
• Pursuing appropriate disciplinary and legal action against the individual responsible, in line with the severity of the breach.
I fully understand the concern this incident may cause. As the founder, I want to reiterate our commitment to protecting our systems and data not only from external threats but from internal misuse as well. An attack of this kind is not an attack on outcomes. It is an attack on trust and the covenant we share with our employees. The next few months will see us come back, with learnings from this experience, with stronger controls and systems in place. Looking forward to your continued support.


Time of India
09-06-2025
- Business
- Time of India
Revenge code? Ex-employee in Bengaluru crashes grocery app after layoff
A dramatic cyber breach at Bengaluru-based grocery-tech startup KiranaPro has uncovered a bitter truth in the digital economy of the present day: startups can be as susceptible to insider attacks as they are to outsider cyberattacks. What had seemed to be a sophisticated hack proved to be an act of corporate sabotage by an erstwhile employee who had been fired but still had access to important systems. The breach happened in early June 2025, soon after KiranaPro started layoffs due to financial stress. As per the company's leadership, including CEO Deepak Ravindran, the former employee was able to erase parts of the company's backend infrastructure, such as GitHub code repositories, cloud logs, and some AWS-hosted services. Most importantly, it became possible due to the lapse in revoking access credentials once the employee had made a mistake that cost them dearly. Although the extent of the incident was serious, the company has assured that customer information was not breached. Due to internal backups, especially those kept locally by other employees, KiranaPro managed to recover most of its system. Internal operations were disrupted briefly, though no core customer-facing services were directly impacted. The company subsequently lodged a police report and launched legal action against the perpetrator.
Security vulnerabilities meet financial stress
Although the act of sabotage itself was headline news, the circumstances behind it provide a clearer picture of the dangers many startups ignore. KiranaPro was reportedly struggling with the late payment of salaries to current and former staff at the time of the breach. Although the company hasn't attributed the delay to the sabotage, the timing has raised eyebrows about how financial woes can feed internal discontent.
The attack also highlights a rising but underappreciated threat across the tech sector: internal users with admin-level privileges and unresolved grudges. Insiders have an advantage over external hackers in that they know the guts of a system, its vulnerabilities, and where to do the most harm. In this instance, no sophisticated malware or phishing was necessary; only a set of credentials and a motive were enough. The initial assumption by the startup that it had been hacked externally introduced a time lag in finding the real cause. Forensic tests were not done before the team arrived at the conclusion that there was no involvement of an outside entity. The breach was completely homegrown.
What do we learn from this?
KiranaPro's experience is a case study in the consequences that result when HR procedures and cybersecurity measures do not intersect. First, deactivation of credentials at offboarding has to become business as usual, particularly for firms dealing in sensitive infrastructure. Second, multi-level authentication and real-time activity tracking of administrative users have to become business as usual. Third, isolated and encrypted regular backups need to be treated as non-negotiable assets rather than optional layers. Finally, there is the human element. Startups need to understand that financial slowness, communication breakdown in layoffs, and insufficient emotional intelligence in employee transitions can all be building blocks of a poisonous culture, one in which digital revenge will indeed be an outcome. KiranaPro might have restored its data, but the actual warning is elsewhere: in an expanding environment where technicality takes precedence over procedural protection, even a single mistake can be the source of a breach not from the outside but from within.


India Today
07-06-2025
- Business
- India Today
KiranaPro blames ex-employee after massive data wipe, but will not rule out hack
Earlier this week, homegrown grocery-tech startup KiranaPro suffered what is being described as its most significant data loss to date. While the company initially suspected foul play by an external actor, a recent post by the CEO suggests a rather different narrative. Co-founder and CEO Deepak Ravindran took to X (formerly Twitter) to shed light on the incident, stating that following an internal investigation, the company believes a former employee may be responsible. According to him, an ex-employee, whose identity has not been disclosed, deliberately erased all company data. However, it's important to note that no concrete evidence has yet been presented to support this claim. India Today attempted to contact the company for clarification, but received no posted, "After careful investigation, we conclude that this was not a hack. No external party penetrated our ordering or payment systems, exploited vulnerabilities, or bypassed security protocols. Our external security posture remains intact, and there is no evidence of any unauthorized access from outside the organisation." "Instead, this was an internal data breach. Specifically, it was the result of actions taken by a trusted internal employee who had legitimate access to our systems. This individual intentionally deleted critical server logs while they were being tested and/or edited, an action that goes directly against our policies, our principles, and the trust we place in our team," he added. According to a TechCrunch report, the Bengaluru-based startup KiranaPro discovered last week that it had lost access to its back-end servers, and that critical data, including its app's source code, had been wiped from GitHub. On Friday, the company attributed the breach to a former employee.
However, in a follow-up conversation with TechCrunch, KiranaPro's co-founder and CEO, Deepak Ravindran, admitted the company had failed to revoke the ex-employee's access after their departure, leaving open the possibility that their account may have been misused maliciously. 'To investigate thoroughly, we'll need a full forensic review,' Ravindran said, adding that the matter would be escalated to the board, investors, and legal counsel for a formal opinion on next on the same, Ravindran also highlighted the same in his post. He said that while the team is working to get the app back up live, it has also initiated a full forensic report to determine the complete scope and impact of the data deletion. He added, as part of its corrective measures, KiranaPro has bolstered access controls, enhanced audit logging, and restructured its multi-factor authentication protocols. Additionally, the firm has introduced a one-to-one entry log for database access and reinforced internal policies through improved training on data governance and privileged access. Legal and disciplinary proceedings are also being pursued against the individual deemed responsible, in accordance with the seriousness of the after posting this long and heavy post, the CEO says he cannot fully rule out the external hack option. TechCrunch reported that Ravindran has reservations about going full in to find the culprit. He said that to rule out the external hack option completely, the company has to run rigorous IP scans, which means a lot of resources will be consumed in the process. Hence, the company has decided not to delve deeper into the company does not want to investigate the third-party hacking option, it is keen to call out the former employee. In the report, Ravindran claims that the company has enough evidence, like GitHub response, to file an official complaint. 
But, the next steps are yet to be the X post, CEO stated that KiranaPro app (launched in December 2024) will be back in just a few months, with much better security measures. The platform, a buyer-facing application integrated with the Indian government's Open Network for Digital Commerce (ONDC), currently serves around 55,000 customers, with 30,000 to 35,000 active buyers spread across 50 cities, placing approximately 2,000 orders each day. What sets KiranaPro apart from conventional grocery apps is its voice-enabled interface, which supports multiple languages including Hindi, Tamil, Malayalam, and English, allowing users to place orders using simple voice commands.
Yahoo
07-06-2025
- Business
- Yahoo
After its data was wiped, KiranaPro's co-founder cannot rule out an external hack
Indian grocery delivery startup KiranaPro's recent data loss story has more holes than Swiss cheese, as the startup remains unclear whether the incident was an internal breach or an external hack. Last week, the Bengaluru-based startup discovered that it could not access its back-end servers and that all its data, including its app code, had been deleted from GitHub. The startup on Friday blamed a former employee for the breach. However, in an interview, KiranaPro co-founder and CEO Deepak Ravindran conceded that the company had not deactivated the employee's account after they departed the company and cannot rule out the possibility of subsequent malicious misuse of their account. "If we go deeper, we have to do a real forensic investigation. We are going to talk [about] this with our board, the investors, and we are going to get a formal opinion on that also with our legal advisers," Ravindran told TechCrunch. Earlier on Friday, Ravindran claimed in a post on X that the incident that affected its data was an internal breach. "After careful investigation, we conclude that this was not a hack. No external party penetrated our ordering or payment systems, exploited vulnerabilities, or bypassed security protocols," he wrote. The co-founder also explicitly shared a screenshot of a LinkedIn profile of one of KiranaPro's former employees on X on Thursday, alleging that they had deleted the startup's code. (TechCrunch is not sharing the post's link, as the startup has yet to offer concrete proof supporting its position.) "[T]his was an internal data breach. Specifically, it was the result of actions taken by a trusted internal employee who had legitimate access to our systems," the co-founder wrote in his post on Friday. "This individual intentionally deleted critical server logs while they were being tested and/or edited, an action that goes directly against our policies, our principles, and the trust we place in our team." 
When TechCrunch asked if KiranaPro could rule out whether any third party had maliciously gained access to the former employee's account, Ravindran could not. "We have to do a complete forensic check on the company. We have to do the entire IP scan. We have to look at where the tracks happened. We have to check the computers, MacBooks, and whatever is used. Everything has to be done. Then we have to spend money … so, that's why we decided not to," he told TechCrunch. Then what was the basis of Ravindran's allegation? It was a GitHub response, a copy of which he shared with TechCrunch. The response included a username, which Ravindran said was associated with the former employee. "All we have is the emails that we got from GitHub, stating that [the former employee's username] as an individual is the one who deleted the account. We haven't done the investigation further," Ravindran told TechCrunch. Launched in late 2024, KiranaPro operates as a buyer app on the Indian government's Open Network for Digital Commerce. The startup allows more than 55,000 customers in 50 cities to purchase groceries from their local shops and nearby supermarkets using its voice-based interface. The company also supports local language inputs, including English, Hindi, Malayalam, and Tamil. Ravindran stated that they decided to call out the former employee based on the company's "belief system," as they claim the former employee deleted the data after their sudden termination. However, the startup said it is not aware if there were enough protections on the former employee's devices, such as multi-factor authentication, to restrict malicious third-party access, like malware. The company confirmed it did not remove the employee's access to its data and GitHub account following his departure. "Employee offboarding was not being handled properly because there was no full-time HR," KiranaPro's chief technology officer, Saurav Kumar, confirmed to TechCrunch. 
Alongside its code saved in GitHub, KiranaPro also lost access to its Amazon Web Services (AWS) account, which included its customer data and their transaction details. Ravindran told TechCrunch that the GitHub data was restored after getting its backup from one of their employees. The startup also regained access to its AWS account along with its customer data. Both the co-founder and CTO said the AWS account was protected by multi-factor authentication, but neither could say how the account was accessed, as nobody else had physical access to Ravindran's phone, which generates the multi-factor code. Nonetheless, Ravindran claimed that the customer data stored in the AWS cloud remained intact and was not accessed by any third parties, nor was it downloaded by the former employee in question. "Because if that is the case, I will get its notification on email or anything [sic]," he said. That said, Ravindran stated that the startup has enough evidence to file a formal complaint with the police, but said that its investigation is ongoing. The startup has also not fully paid its current employees, the company's co-founder confirmed, soon after the company raised a seed round of ₹100 million Indian rupees (about $1.2 million), which Ravindran said has yet to be fully wired. The startup counts Blume Ventures, Unpopular Ventures, and Turbostart among its institutional venture backers, as well as Olympic medalist PV Sindhu and Boston Consulting Group managing director Vikas Taneja among its angel investors. It has 15 employees located in Bengaluru and Kerala.


TechCrunch
07-06-2025
- Business
- TechCrunch
After its data was wiped, KiranaPro's co-founder cannot rule out an external hack
Indian grocery delivery startup KiranaPro's recent data loss story has more holes than Swiss cheese, as the startup remains unclear whether the incident was an internal breach or an external hack. Last week, the Bengaluru-based startup discovered that it could not access its back-end servers and that all its data, including its app code, had been deleted from GitHub. The startup on Friday blamed a former employee for the breach. However, in an interview, KiranaPro co-founder and CEO Deepak Ravindran conceded that the company had not deactivated the employee's account after they departed the company and cannot rule out the possibility of subsequent malicious misuse of their account. 'If we go deeper, we have to do a real forensic investigation. We are going to talk [about] this with our board, the investors, and we are going to get a formal opinion on that also with our legal advisers,' Ravindran told TechCrunch. Earlier on Friday, Ravindran claimed in a post on X that the incident that affected its data was an internal breach. 'After careful investigation, we conclude that this was not a hack. No external party penetrated our ordering or payment systems, exploited vulnerabilities, or bypassed security protocols,' he wrote. The co-founder also explicitly shared a screenshot of a LinkedIn profile of one of KiranaPro's former employees on X on Thursday, alleging that they had deleted the startup's code. (TechCrunch is not sharing the post's link, as the startup has yet to offer concrete proof supporting its position.) '[T]his was an internal data breach. Specifically, it was the result of actions taken by a trusted internal employee who had legitimate access to our systems,' the co-founder wrote in his post on Friday. 'This individual intentionally deleted critical server logs while they were being tested and/or edited, an action that goes directly against our policies, our principles, and the trust we place in our team.' 
When TechCrunch asked if KiranaPro could rule out whether any third party had maliciously gained access to the former employee's account, Ravindran could not. 'We have to do a complete forensic check on the company. We have to do the entire IP scan. We have to look at where the tracks happened. We have to check the computers, MacBooks, and whatever is used. Everything has to be done. Then we have to spend money … so, that's why we decided not to,' he told TechCrunch. Then what was the basis of Ravindran's allegation? It was a GitHub response, a copy of which he shared with TechCrunch. The response included a username, which Ravindran said was associated with the former employee. 'All we have is the emails that we got from GitHub, stating that [the former employee's username] as an individual is the one who deleted the account. We haven't done the investigation further,' Ravindran told TechCrunch.
Former employee's account was never offboarded
Launched in late 2024, KiranaPro operates as a buyer app on the Indian government's Open Network for Digital Commerce. The startup allows more than 55,000 customers in 50 cities to purchase groceries from their local shops and nearby supermarkets using its voice-based interface. The company also supports local language inputs, including English, Hindi, Malayalam, and Tamil. Ravindran stated that they decided to call out the former employee based on the company's 'belief system,' as they claim the former employee deleted the data after their sudden termination. However, the startup said it is not aware if there were enough protections on the former employee's devices, such as multi-factor authentication, to restrict malicious third-party access, like malware. The company confirmed it did not remove the employee's access to its data and GitHub account following his departure.
'Employee offboarding was not being handled properly because there was no full-time HR,' KiranaPro's chief technology officer, Saurav Kumar, confirmed to TechCrunch.
Company restores AWS account and GitHub data
Alongside its code saved in GitHub, KiranaPro also lost access to its Amazon Web Services (AWS) account, which included its customer data and their transaction details. Ravindran told TechCrunch that the GitHub data was restored after getting its backup from one of their employees. The startup also regained access to its AWS account along with its customer data. Both the co-founder and CTO said the AWS account was protected by multi-factor authentication, but neither could say how the account was accessed, as nobody else had physical access to Ravindran's phone, which generates the multi-factor code. Nonetheless, Ravindran claimed that the customer data stored in the AWS cloud remained intact and was not accessed by any third parties, nor was it downloaded by the former employee in question. 'Because if that is the case, I will get its notification on email or anything [sic],' he said. That said, Ravindran stated that the startup has enough evidence to file a formal complaint with the police, but said that its investigation is ongoing. The startup has also not fully paid its current employees, the company's co-founder confirmed, soon after the company raised a seed round of ₹100 million Indian rupees (about $1.2 million), which Ravindran said has yet to be fully wired. The startup counts Blume Ventures, Unpopular Ventures, and Turbostart among its institutional venture backers, as well as Olympic medalist PV Sindhu and Boston Consulting Group managing director Vikas Taneja among its angel investors. It has 15 employees located in Bengaluru and Kerala.