KiranaPro’s recent Indian Grapping Delivery Start Loss of data The story has more holes than the Swiss cheese, as the startup is still unclear if the incident was an internal breach or an external hack.
Last week, Bengaluru -based startup discovered that it could not access its background servers and that all its data, including its application code, had been deleted from GitHub. Friday startup blamed an old breach employee. However, in an interview, Kiranapro The co -founder and CEO, Deepak Ravindran, acknowledged that the company had not disabled the employee’s account after they left the company and cannot rule out the possibility of subsequent malicious misuse of his account.
“If we delve deeper, we have to do a real forensic investigation. We will talk (about) with our advice, investors, and we will get a formal opinion on this also with our legal advisers,” Ravindar will tell Techcrunch.
Friday before, Ravindran stated in a Publishes Ax That the incident affecting your data was an internal breach.
“After a thorough investigation, we come to the conclusion that this was a pirate. No external part penetrated our order or payment systems, exploited vulnerabilities or passed security protocols,” he wrote.
The co -founder also explicitly shared a screenshot of a Linkedin profile from one of the former KiranaPro employees on X on Thursday, saying that they had deleted the startup code. (Techcrunch does not share the publication link, as the startup has not yet offered concrete tests that support its position.)
“(T) his was a breach of internal data. Specifically, it was the result of actions carried out by a trustworthy internal employee who had legitimate access to our systems,” the co -founder wrote in his place on Friday. “This individual suppressed the records of intentionally critical servers while they were tested and/or edited, an action that goes directly against our policies, our principles and the confidence we form in our team.”
When Techcrunch asked if KiranaPro could rule out if any third had maliciously accessed the former employee’s account, Ravindran could not.
“We need to make a complete forensic control of the company. We need to do all the exploration IP. We have to look at where the tracks have passed. We need to review the computers, the MacBooks and anything that is used. Everything must be done. Then we have to spend money … so we decided not,” he told Techcrunch.
So what was the basis of Ravindran’s allegation? It was a response from Github, a copy of which he shared with Techcrunch.
The answer included a username, which Ravindran said he was associated with the former employee.
“All we have is the emails we received from Github, saying that (the former employee’s username) as an individual, it is the one who deleted the account. We have not done the research beyond,” Ravindar will tell Techcrunch.
Old employee’s account was never off on board
Launched at the end of 2024, KiranaPro operates as an application of buyers to the Open Network of the Indian Government for Digital Trade. The startup allows more than 55,000 customers from 50 cities to buy groceries from their local shops and nearby supermarkets through their voice -based interface. The company also supports local language contributions, including English, Hindi, Malah and Tamil.
Ravindran stated that they decided to call the former employee based on the company’s “belief system”, as they claim that the former employee deleted the data after its sudden completion.
However, the startup said he is not aware if there were enough protections to the former employee’s devices, such as Authentication of various factorsTo restrict the access of malicious third parties, such as the Malware.
The company confirmed that he did not delete the employee’s access to his data and the Gitub account after his departure.
“The execution of the employees was not managed correctly because there were no full -time human resources,” Kiranapro technology manager, Saurav Kumar, confirmed to Techcrunch.
The company restores the AWS account and data from GitHub
Next to his code stored in Github, KiranaPro also lost access to his Amazon Web Services (AWS) account, which included customer data and their transaction details.
Ravindran told Techcrunch that Github’s data was reset after receiving his backup from one of his employees. The startup also regained access to its AWS account along with its customer’s data.
Both the co-founder and the CTO said that the AWS account was protected by multi-facing authentication, but it could not be said how the account was accessed, as no one else had physical access to the telephone of Ravindran, which generates the code of several factors.
However, Ravindran stated that the client data stored in the AWS cloud remained intact and did not access third parties, nor was it downloaded by the former employee in question.
“Because if so, I will receive his notification by email or anything (sic),” he said.
That said, Ravindran stated that the startup has enough evidence to file a formal complaint to the police, but said that his investigation continues.
The startup has not completely paid its current employees, the company co -founder confirmed, shortly after the company increased a round of $ 100 million from Indian Rupees (about $ 1.2 million), which Ravindar said has not yet been fully wired.
The startup has Blume Ventures, inpopular ventures and turbostart among its institutional sponsors, as well as the Olympic medalist PV Sindhu and the manager of the Boston Consulting Group, Vikas Taneja, among its investors Angel. It has 15 employees located in Bengaluru and Kerala.
