Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Indian grocery distribution begins Data loss The story has more holes than Swiss cheese, because the startup remains unclear whether the event is internal violation or external hack.
Last week, the Bengaluru-based startup discovered that it could not access its back-end servers and all its data with its application code was removed from Githube. The startup on Friday blamed a former employee for violating. However in an interview, Kiranapro Co-founder and CEO Deepak Rabindran acknowledged that the company did not disable the employee’s account after the company left and could not deny the possibility of subsequent malicious abuse of their account.
“If we get deeper we have to do a real forensic inquiry We We’re going to talk [about] It is going to get a formal opinion about it with our board, investors and our legal consultants, “Rabindran told TechCrunch.
Earlier Friday, Rabindran made a claim X posts The event that affected his data was an internal violation.
“After the investigation with caution, we reached the conclusion that this is no hack. No external team has entered our order or payment systems, bypassing the weaknesses or security protocols that were exploited,” he wrote.
The co-founder also clearly shared a screenshot of the LinkedIn profile of one of the former employees of Xnapro on Thursday, complaining that they deleted the startup code. (TechCrunch Post is not sharing the link because the startup has not yet offered concrete proof that supports its location)))
“[T]He had an internal data violation. In particular, it was the result of the steps taken by a trusted internal employee who received valid access to our system, “the co-founder wrote on his post on Friday.
When TechCrunch asked that Kiranapro could not deny whether a third party had received access to the former employee’s account.
“We need to make a full forensic check in the organization. We have to scan the whole IP. We need to see where the tracks have happened. We have to check the computer, McBooks and everything used to do. We have to do everything. Then we have to spend money … So, we will not decide,” he told Techkrank.
So what was the basis for Rabindran’s complaint? It was a github response, a copy of which he shared with TechCrunch.
The response included a username, which Rabindran said that he was associated with the former employee.
“What we have is the email we receive from Github, it refers to [the former employee’s username] As a person he is the one who deleted the account. We did not investigate the investigation, “Rabindran told TechCrunch.
The ex -employee’s account has never been offboard
Launched by the end of 2021, Kiranapro served as a buyer app on the Open Network of the Government of India for digital trade. Startup allows more than 55,000 customers to buy grocery using voice-based interfaces from their local shops and nearby supermarkets. The company supports native language inputs including English, Hindi, Malayalam and Tamil.
Rabindran said they had decided to call the former employee on the basis of the “Faith system” of the company, as they claimed that the former employee had deleted data after their sudden completion.
However, the startup said that ex -employee’s devices had adequate protection, such as enough protection was not aware of Multi-factor authenticationTo restrict the access to the third party contaminated like malware.
The company has confirmed that it did not remove access to the employee’s data and the Github account after its departure.
Kiranapro chief technology officer Sourav Kumar confirmed to TechCrunch, “Since there is no full -time HR, employee offboarding is not being managed properly.”
The Agency recovers the AWS account and the Githab Data
In addition to the code stored in Githube, Kiranapro lost access to his Amazon Web Services (AWS) account, including its customer data and their transaction details.
Rabindran told TechCrunch that Github data was recovered after receiving a backup from one of their employees. The startup was back access to its AWS account with its customer’s data.
Both the co-founder and CT also said that the AWS account was protected by multi-factor authentication, but could not even say how the account was accessed, because anyone else had no physical access to Rabindranon’s phone, which produces multi-factor code.
Nevertheless, Rabindran claimed that the customer’s data stored in the AWS cloud was intact and was not accessed by any third party, or was not downloaded by a former employee on the question.
“If this is the case I will get its notification on email or any other subject [sic]He said.
It said that Rabindran had said that there was sufficient evidence in the startup to file a formal complaint to the police, but he said the investigation was underway.
This startup could not be fully paid to its current employees, the co-founder of the company confirmed that the company said that after collecting the seeds of 100 million Indian rupees (about $ 2 million), Rabindran said that Rabindran had not yet been fully wired.
The startup was counted among his institutional initiatives, Bloom Ventures, Unhappy Initiatives and Turbostarts, as well as Olympic Medalist PV Sindhu and Managing Director of Boston Consulting Group, Bikas Taneza, among his Angel investors. It has 15 employees located in Bengaluru and Kerala.