The recent history of Kiranapro grocery grocery data loss has more holes than Swiss cheese, as the start remains unclear if the incident was an internal violation or external hack.
Last week, Bengaluru-based starting that it could not have access to back-end servers and that all its data, including the application code, had been deleted from GitHub. The start on Friday accused a former infringement employee. However, in an interview, Kiranapro Co -founder and CEO Deepak Ravindran admitted that the company had not disabled the employee’s account after departing from the company and could not exclude the possibility of subsequent malicious abuse of their account.
“If we go deeper, we have to do a real forensic investigation. We will talk [about] This with our Council, investors, and we will have a formal opinion on this and with our legal advisers, “Ravindran told TechCrunch.
Earlier on Friday, Ravindran claimed in a Post in x That the incident that influenced his data was an internal violation.
“After careful research, we conclude that this was not a hack. No external party penetrated our order or payments systems, exploited vulnerabilities or bypassing security protocols,” he wrote.
The co -founder also explicitly shared a screenshot of a LinkedIn profile of one of the former Kiranapro employees on Thursday, claiming that they had deleted the start code. (TechCrunch does not share the suspension link, as the start has not yet offered a specific proof that supports its location.)
“[T]It was an internal data violation. Specifically, it was the result of the actions taken by a credible internal employee who had legal access to our systems, “the co -founder wrote in place on Friday.
When TechCrunch asked if Kiranapro could block if any third party had obtained malicious access to the former employee’s account, Ravindran could not.
“We need to do a full forensic check of the company. We need to do the whole IP scan. We need to consider where the pieces happened. We need to check computers, macbooks and everything used.
Then what was the basis of Ravindran’s claim? It was a GitHub answer, a copy of which he shared with TechCrunch.
The answer included a username, which Ravindran said was linked to the former employee.
“All we have is the emails we got from GitHub, stating that this [the former employee’s username] As a person is what the account deletes. We have not done further research, “Ravindran told TechCrunch.
The employee’s former account was never turned off
Started in late 2024, Kiranapro acts as a buyer application on the Indian Government’s open network for digital trade. The start allows more than 55,000 customers in 50 cities to buy groceries from local stores and nearby supermarkets using its vocal interface. The company also supports local language inflows, such as English, Hindi, Malayalam and Tamil.
Ravindran said they decided to call the former employee based on the company’s “belief system”, claiming that the former employee deleted the data after their sudden end.
However, the start said that he did not know if there were enough protections on the former employee’s devices, such as multiple factors, to limit malicious access to third parties, such as malware.
The company confirmed that it did not abolish the employee’s access to the data and GitHub’s account after departure.
“The offboarding employee did not handle properly because there was no full employment,” Kiranapro technology chief Saurav Kumar confirmed to TechCrunch.
Company restores AWS account and gitHub data
Along with his code stored on Github, Kiranapro also lost access to his Amazon Web Services (AWS) account, which included customer data and transaction details.
Ravindran told TechCrunch that Github data was restored after receiving the backup from one of their employees. The start also returned access to AWS’s account along with its customers’ data.
Both the co -founder and the CTO said the AWS account is protected from multiple factors, but could not even say how the account had access, as no one else had physical access to Ravindran’s phone, which produces the multiple factors code.
However, Ravindran claimed that the customer data stored in the AWS cloud remained intact and did not access third parties, nor were they received by the former employee.
“Because, if this is the case, I will receive its notice to e -mail or whatever [sic]”He said.
This said, Ravindran said the start has enough evidence to file a formal complaint to the police, but said her investigation was ongoing.
The start has also fully paid its current employees, the company’s co -founder confirmed, soon after the company appeared in 100 million Indian rupees (about $ 1.2 million), which Ravindran said has not yet fully wired.
The start counts Blume Ventures, non -popular businesses and turbostart among its institutional supporters, as well as the PV Sindhu Olympic Medal and Managing Director of the Boston Consulting Group Vikas Taneja between the Angel investors. It has 15 employees located in Bangalore and Kerala.
