\n<\/p>\n
Indian grocery delivery startup KiranaPro\u2019s recent data loss<\/a> story has more holes than Swiss cheese, as the startup remains unclear whether the incident was an internal breach or an external hack.<\/p>\n Last week, the Bengaluru-based startup discovered that it could not access its back-end servers and that all its data, including its app code, had been deleted from GitHub. The startup on Friday blamed a former employee for the breach. However, in an interview, KiranaPro<\/a> co-founder and CEO Deepak Ravindran conceded that the company had not deactivated the employee\u2019s account after they departed the company and cannot rule out the possibility of subsequent malicious misuse of their account.<\/p>\n \u201cIf we go deeper, we have to do a real forensic investigation. We are going to talk [about] this with our board, the investors, and we are going to get a formal opinion on that also with our legal advisers,\u201d Ravindran told TechCrunch.<\/p>\n Earlier on Friday, Ravindran claimed in a post on X<\/a> that the incident that affected its data was an internal breach.<\/p>\n \u201cAfter careful investigation, we conclude that this was not a hack. No external party penetrated our ordering or payment systems, exploited vulnerabilities, or bypassed security protocols,\u201d he wrote.<\/p>\n The co-founder also explicitly shared a screenshot of a LinkedIn profile of one of KiranaPro\u2019s former employees on X on Thursday, alleging that they had deleted the startup\u2019s code. (TechCrunch is not sharing the post\u2019s link, as the startup has yet to offer concrete proof supporting its position.)<\/p>\n \u201c[T]his was an internal data breach. Specifically, it was the result of actions taken by a trusted internal employee who had legitimate access to our systems,\u201d the co-founder wrote in his post on Friday. \u201cThis individual intentionally deleted critical server logs while they were being tested and\/or edited, an action that goes directly against our policies, our principles, and the trust we place in our team.\u201d<\/p>\n When TechCrunch asked if KiranaPro could rule out whether any third party had maliciously gained access to the former employee\u2019s account, Ravindran could not.<\/p>\n \u201cWe have to do a complete forensic check on the company. We have to do the entire IP scan. We have to look at where the tracks happened. We have to check the computers, MacBooks, and whatever is used. Everything has to be done. Then we have to spend money\u00a0\u2026 so, that\u2019s why we decided not to,\u201d he told TechCrunch.<\/p>\n Then what was the basis of Ravindran\u2019s allegation? It was a GitHub response, a copy of which he shared with TechCrunch.<\/p>\n The response included a username, which Ravindran said was associated with the former employee.<\/p>\n \u201cAll we have is the emails that we got from GitHub, stating that [the former employee\u2019s username] as an individual is the one who deleted the account. We haven\u2019t done the investigation further,\u201d Ravindran told TechCrunch. <\/p>\n Launched in late 2024, KiranaPro operates as a buyer app on the Indian government\u2019s Open Network for Digital Commerce. The startup allows more than 55,000 customers in 50 cities to purchase groceries from their local shops and nearby supermarkets using its voice-based interface. The company also supports local language inputs, including English, Hindi, Malayalam, and Tamil.<\/p>\n Ravindran stated that they decided to call out the former employee based on the company\u2019s \u201cbelief system,\u201d as they claim the former employee deleted the data after their sudden termination.<\/p>\nFormer employee\u2019s account was never offboarded<\/h2>\n