Getting hacked is the new normal that keeps getting repeated over and over again. More often than not it comes to bite the organisations who are not at all prepared for it. The startup fraternity would have thought that could barely be the target. Common sense and fond hopes are the biggest adversaries of security and cyber security is no different. On this backdrop we have to view the recent hack of KiranaPro. Some have started taking cyber security seriously, and putting up guardrails, but whether that has been enough is the million-dollar question.
KiranaPro was on its upward trajectory with a target to add 100 million users and at least 1 million kirana stores on this platform. The recent has thwarted this overtime and it would put barriers in achieving these ambitions in the timeline provided. The business is at risk. The news headline blares “Quick Commerce Platform KiranaPro’s App Code Destroyed in Cyber Attack.” For any organisation it would be a bolt from the blue more so for KiranaPro with frugal resources was trying its level best to get into the fast-moving growth trajectory mode. Back Up, Back Up and BackUp can only help you.
How do you create resilience is the key to your success today? If you are unlucky, it might sniff off life out of your organisation. What is turning out to be really deadly, is the destruction of data and not just the theft of it. The “destroyed data” included the company’s app code as well as user data in the form of names, mailing addresses and payment details, on its servers. KiranaPro co-founder and CEO Deepak Ravindran shared this information with TechCrunch. Currently, although the app is online, the platform is not processing orders. If it is a data theft the breach to detection could even take a long time.
It was on the 26th of May that this incident came to light after KiranaPro executives while logging into their Amazon Web Services account. They realised that the hackers had gained access to KiranaPro’s root accounts on AWS and GitHub. How did they gain access? Hackers gained access via a former employee’s account. The company used Google Authenticator for multi-factor authentication. It was found that the authentication code had changed when executives attempted to log in last week. They also found that the Elastic Compute Cloud (EC2), which let clients access virtual computers to run their applications, was deleted. The company is in the process of filing access against its employees, who had “not submitted their credentials for accessing their GitHub accounts to check their logs.”
CYBER SECURITY MEANS ROBUST GUARDRAILS AND FAIL-SAFE RESILIENCE.
Sanjay Sahay
Have a nice evening.