Summary:
KiranaPro's data wipe raises questions: internal breach or external hack?
Startup blames a former employee but admits lapses in offboarding and security.
GitHub and AWS access restored, but forensic investigation pending.
Multi-factor authentication on AWS couldn't prevent the breach, method unknown.
Startup considers legal action, while employees await full payment from a $1.2M seed round.
Indian grocery delivery startup KiranaPro faces a puzzling situation after a significant data loss incident. The company's servers and GitHub repositories were wiped clean, raising questions about whether this was an internal breach or an external hack.
The Incident Unfolds
Last week, KiranaPro discovered it could no longer access its back-end servers, and all its data, including app code, had been deleted from GitHub. Initially, the startup pointed fingers at a former employee, alleging intentional deletion of critical data. However, co-founder and CEO Deepak Ravindran admitted that the company hadn't deactivated the employee's account post-departure, leaving room for potential malicious misuse.
Investigation and Allegations
Ravindran shared a GitHub response linking the deletion to the former employee's username but conceded that a full forensic investigation hasn't been conducted. "We have to do a complete forensic check on the company," he stated, highlighting the need for an in-depth review of devices and systems.
Security Lapses Revealed
KiranaPro's CTO, Saurav Kumar, confirmed that employee offboarding was mishandled, lacking proper HR protocols to revoke access. This oversight left the company vulnerable, with no certainty if the former employee's account was compromised by a third party.
Data Restoration Efforts
Despite the chaos, KiranaPro managed to restore its GitHub data from a backup and regained access to its AWS account, which houses customer and transaction details. The company claims the AWS account was protected by multi-factor authentication, yet the breach's exact method remains unclear.
Ongoing Concerns
With customer data reportedly intact, the startup is considering legal action but continues its investigation. Meanwhile, employees await full payment, as a recently raised seed round of $1.2 million hasn't been fully disbursed.
KiranaPro, backed by notable investors like Blume Ventures and Olympic medalist PV Sindhu, operates in 50 Indian cities, serving over 55,000 customers with its voice-based grocery shopping app.
Comments