Indian grocery delivery begins CranePro Hacked and all its data has been wiped out, the company’s founder confirmed the tech cranch.
Karnapro co -founder and CEO Deepak Ravindran told Tech Crunch, the damaged data included the company’s app code and its servers, including sensitive consumer information banks, including their names, mailing addresses, and payment details, co -founder and CEO Deepak Ravindran.
Tech Crunch has found that the company’s app is online but cannot process orders.
Launched in December 2024, the Karnapro works as a buyer app on the Indian government’s open network for digital commerce, allowing consumers to buy grocery from their local shops and nearby supermarkets.
According to the company, Karnapro has 55,000 users, of which there are 30,000-35,000 active buyers in 50 cities, which collectively give 2,000 orders daily. Unlike a typical grocery delivery app, Cranpro offers a sound -based interface that allows users to order from local shops using sound commands in languages ​​like Hindi, Tamil, Malayalam and English.
Ravindran said the incident was planned to spread to 100 cities in the next 100 days before the incident took place.
On May 26, Karnapro executives became aware of the incident while logging into their Amazon Web Services account. Ravindran told Tech Crunch that the hackers had access to the root accounts of Karnapro on AWS and Gut Hub.
Ravindran shared some screenshots of Gut Hub Security Logs and a file containing a sample of activity logs around the time of the incident, which shows that someone has been hacking after someone has access to his system through a former employee’s account.
Karnapro’s Chief Technology Officer Soro Kumar told Tech Crunch that the hack took place around May 24-25.
Startup said it has used Google authenticity in his AWS account for multi -factor verification. Kumar told Tech Crunch that when he tried to log in to his AWS account last week, the multi -factor code was changed, and all his electric computing clouds (EC2) services, which allow customers to access virtual computers to run their applications.
“We can just log in through the IAM (identification and access management) account, through which we can see that EC2 examples do not exist, but we cannot get any logs or anything because we do not have a root account,” he said.
Ravindran said that the Gut Hub has reached the Gut Hub Support Team to help identify the IP addresses of the Karnapro hacker and other signs of the incident.
Similarly, Ravindran told Tech Crunch that Startup was registering cases against his former employees, whom he said he did not submit his credentials to access his gut hub accounts to check his logs.
It is unclear how the attack took place. In recent years, some of the largest cyberrtex, such as last pass, change healthcare, and snop, were due to theft, such as malware that stealing passwords on an employee’s laptop, and verifying the missing or unprecedented multi -factor.
Companies were eventually responsible for implementing their system security, including their employees should use multi -factor verification, and eliminate former employees’ accounts who no longer work in their company.
Karnapro counted his company among his companion -backed ventures, as well as Olympic medalists PV Sindhu and BCG MD Vikas Tenja among their angel investors. The company has a team of 15 employees in Bangalore and Kerala.