Data Wipeout at Indian Startup: Was it an Insider Job or Something More Sinister?

Hustler Words – The recent data loss suffered by Indian grocery delivery startup KiranaPro has taken a perplexing turn. Initially attributed to a disgruntled former employee by co-founder and CEO Deepak Ravindran on hustlerwords.com, the narrative is now far less clear-cut. While Ravindran initially claimed an "internal breach," he now admits that the possibility of an external hack, exploiting the former employee’s un-deactivated account, cannot be ruled out.

Last week, KiranaPro discovered its backend servers inaccessible, with all data—including app code from GitHub—wiped. Ravindran initially pointed the finger at a former employee, even sharing a LinkedIn profile on X (formerly Twitter), though he provided no concrete proof. This hasty accusation, however, now seems premature.

In a subsequent interview, Ravindran conceded that the company failed to deactivate the employee’s account after their departure, leaving open the possibility of malicious access. He stated, "If we go deeper, we have to do a real forensic investigation…we are going to get a formal opinion on that also with our legal advisers." This admission significantly undermines his earlier assertions of a purely internal breach.

The evidence presented by Ravindran—a GitHub response indicating the former employee’s username—is far from conclusive. He admitted, "All we have is the emails that we got from GitHub…We haven’t done the investigation further." This lack of thorough investigation casts doubt on the initial conclusions.

The situation is further complicated by the fact that KiranaPro’s AWS account, containing customer data and transaction details, was also compromised. While Ravindran claims the data remained intact, he cannot explain how access was gained, even with multi-factor authentication in place. The company’s CTO, Saurav Kumar, confirmed that proper employee offboarding procedures were not followed due to the absence of a full-time HR department.

KiranaPro has since restored its GitHub data and AWS access, but the lingering questions surrounding the incident remain. The company’s failure to conduct a proper forensic investigation, coupled with its admission of inadequate security protocols, raises serious concerns about its data security practices. The incident serves as a stark reminder of the importance of robust security measures and thorough employee offboarding processes, even for startups. The ongoing investigation, and the potential involvement of law enforcement, will undoubtedly shed more light on this complex and evolving situation. The future of KiranaPro, and the trust of its investors and customers, now hangs in the balance.