KiranaPro Grocery App Hacked: Here’s What It Means for You and Your Private Data Like Bank Details, Address

You may have heard of KiranaPro, a new grocery company that promises to deliver goods to your house in 10 to 20 minutes. But everything went wrong last month (May 24 and May 25) when the company was hacked. And it is not just a small breach; it has turned into a complete disaster. 

KiranaPro- a quick commerce company, was launched in 2024 and offered a voice-based ordering system in local languages like Hindi, Malayalam, Tamil and English. The app connected users to local grocery stores across 50 Indian cities. The delivery startup received a shock when a breach was discovered on May 26. The hackers gained unauthorised control over the company’s system, because of which the team was unable to log in to their Amazon Web Services (AWS) account.

What exactly happened at KiranaPro?

KiranaPro got hacked. All its virtual servers were removed, the app code was erased, and user data, which includes sensitive information like bank details, payment information, and address, was stolen. The hackers got in using an account of a former employee, and even though the organisation had multi-factor authentication, the attackers were still able to take over the company's AWS and GitHub accounts. 

What does this mean for you?

Your data isn't always safe. KiranaPro’s system has your name, address, and payment information. If you use their app, hackers might have your information right now.  This isn't only KiranaPro's problem; it's a warning for all businesses that deal with your information.  If you don't properly disable previous accounts, security is not foolproof, even with solutions like Google Authenticator. 

Protect your data even if you are not a KiranaPro user. The KiranaPro hack is a good reminder to check your bank and credit card accounts for fishy expenses, change your passwords, and be extra vigilant about where your information goes. 

The KiranaPro hack is also an example of how sometimes ex-employees might be a big security risk. The hack is said to have originated while an ex-employee’s credentials were kept active. This is a classic mistake.  There should be no ifs or buts about it: when someone leaves an organisation, their access should be locked down right away.  This shuts the backdoor for hackers.  

Read more: Google Pixel 10 Launch Pushed to August 20: Here are 5 top phone