In a major setback for India’s growing quick commerce sector, ONDC-powered startup KiranaPro has suspended all operations following a severe cyberattack. The breach wiped out the company’s entire app codebase and compromised its sensitive customer data. Deepak Ravindran, Co-founder and CEO of KiranaPro, confirmed the incident in an exclusive statement to YourStory.
The attack struck KiranaPro at a critical phase in its business trajectory. Over the past five days, the company’s mobile application has remained completely inoperable. As a result, the startup has placed business partnerships worth Rs 5 crore on indefinite hold. Additionally, the company is now losing out on nearly 1 lakh download requests per day, alongside 2,000 daily orders—numbers that reveal the scale of impact.
The Extent of the Damage
The cyberattack did not just cripple KiranaPro’s front-end application; it obliterated its core infrastructure. Hackers targeted the startup’s central code repository and customer database, erasing essential components that powered its operations. KiranaPro’s internal security team, along with external cybersecurity consultants, launched a full-scale investigation within hours of the breach. However, they discovered the attackers had deployed a destructive malware that executed a complete data wipe, leaving no backup copies behind.
The breach exposed critical vulnerabilities in the company’s server configurations and cloud storage policies. Engineers failed to recover the destroyed assets despite deploying data retrieval tools and forensic technologies. This incident has raised significant concerns regarding data protection practices in early-stage startups operating within the ONDC (Open Network for Digital Commerce) framework.
What Went Wrong?
Initial reports suggest that the attackers gained access through a misconfigured API endpoint that lacked adequate authentication layers. Once inside the system, they deployed a data-wiping tool that not only deleted app-related source code but also purged databases containing user profiles, transaction histories, order records, and payment information.
KiranaPro’s backend, which relied heavily on cloud-native microservices and third-party integrations, offered multiple entry points to malicious actors. While the engineering team had basic security protocols in place, the system lacked enterprise-grade threat detection and real-time intrusion monitoring. Experts believe this made the system an easy target for sophisticated cybercriminals.
Business Disruption and Financial Losses
The cyberattack delivered a massive blow to KiranaPro’s business continuity. Over the past week, the company has watched its growth momentum grind to a halt. With daily download requests crossing 1 lakh and order volumes exceeding 2,000 a day, the loss of app functionality means KiranaPro now operates at zero throughput.
Additionally, the company had recently forged strategic partnerships with logistics providers, warehouse operators, and kirana stores—deals collectively worth Rs 5 crore. These partnerships now remain suspended, putting immense pressure on the startup’s credibility and reliability.
The timing of the incident also spells trouble for the company’s fundraising plans. KiranaPro was on the verge of closing its seed funding round with several institutional investors. However, the breach has introduced uncertainty, potentially delaying or derailing the funding process. Investors may now demand higher levels of due diligence, security audits, and reassurances about business continuity.
Response from Leadership
Deepak Ravindran, in his official statement, took full responsibility for the breach. He acknowledged the shortcomings in KiranaPro’s cybersecurity framework and assured stakeholders that the company would adopt a zero-compromise approach moving forward.
“Our engineering team is working round the clock to rebuild the application infrastructure from the ground up. We are investing in new security protocols, performing a complete overhaul of our cloud architecture, and engaging third-party cybersecurity experts to supervise the recovery process,” said Ravindran.
He also confirmed that the team has initiated communication with customers and partners affected by the incident. “We believe in transparency and accountability. Our team has begun notifying stakeholders and issuing periodic updates. We aim to resume full operations as soon as possible,” he added.
Sector-Wide Repercussions
The KiranaPro incident has sent shockwaves across the Indian quick commerce and ONDC startup community. With cyberattacks on the rise, industry insiders now stress the importance of adopting security-by-design principles. Startups in the commerce space often prioritize product rollout and customer acquisition while delaying investments in robust cybersecurity frameworks. This breach serves as a cautionary tale for others in the ecosystem.
KiranaPro’s setback could also slow the adoption momentum of ONDC among early-stage ventures. ONDC aims to democratize digital commerce in India by offering open APIs and standardized interfaces. However, the recent breach shows how critical security compliance and readiness become when building on open platforms.
Road to Recovery
KiranaPro has already initiated the first steps toward rebuilding. The leadership team has approved emergency funds to redevelop its platform from scratch. Engineers are working to restore services using more secure and decentralized architectures. The company plans to reintroduce app functionality in phases, starting with order placements and inventory visibility.
In parallel, KiranaPro has engaged cybersecurity firms to implement a multi-layered defense strategy. These steps include endpoint detection and response (EDR), role-based access control, secure DevOps pipelines, real-time threat intelligence, and mandatory security audits.
Additionally, the startup is developing a compensation framework for affected users. Although no financial fraud has emerged so far, the company will offer service credits and discounts to regain customer trust. Ravindran confirmed that KiranaPro will soon release a public-facing incident report detailing the causes and preventive actions taken.
Lessons for the Startup Ecosystem
The KiranaPro breach underlines several vital lessons for India’s tech startup landscape:
- Security must become integral to product development. Startups must treat cybersecurity as a core pillar, not a secondary concern.
- Open platforms demand higher safeguards. Leveraging ONDC’s open infrastructure can create new attack surfaces, making advanced security measures non-negotiable.
- Incident response planning is critical. Companies must establish crisis protocols well before a breach occurs. This includes backup strategies, disaster recovery plans, and customer communication workflows.
- Transparency earns trust. KiranaPro’s prompt acknowledgment and open communication will help preserve its brand reputation and stakeholder relationships.
Conclusion
KiranaPro’s current crisis is one of the most significant cybersecurity incidents in the Indian quick commerce space to date. The breach disrupted a promising startup, stalled Rs 5 crore worth of partnerships, and exposed weaknesses that many emerging businesses share. As KiranaPro battles to recover from the damage, it must now rebuild not just its app—but its entire technological foundation and stakeholder confidence.
The path forward remains difficult, but the company’s transparent handling and swift action reflect a determination to rise stronger. For the larger startup ecosystem, this event marks a turning point—forcing a long-overdue conversation about cybersecurity readiness in India’s digital-first economy.