A dramatic cyber breach at Bengaluru-based grocery-tech startup KiranaPro has uncovered a bitter truth in the digital economy of the present day—startups can be as susceptible to insider attacks as they are to outsider cyberattacks.
What had seemed to be a sophisticated hack proved to be an act of corporate sabotage by a former employee who had been fired but still had access to important systems.
The breach happened in early June 2025, soon after KiranaPro started layoffs due to financial stress. According to the company's leadership, including CEO Deepak Ravindran, the former employee was able to erase parts of the company's backend infrastructure, such as GitHub code repositories, cloud logs, and some AWS-hosted services.
Most importantly, it was possible because of a lapse in revoking access credentials after the employee was fired, a mistake that cost the company dearly.
Although the incident was serious, the company has assured that customer information was not breached. Thanks to internal backups, especially copies kept locally by other employees, KiranaPro managed to recover most of its system. Internal operations were disrupted briefly, though no core customer-facing services were directly impacted.
The company subsequently lodged a police report and launched legal action against the perpetrator.
Security vulnerabilities meet financial stress
Although the act of sabotage itself was headline news, the circumstances behind it provide a clearer picture of the dangers many startups ignore. KiranaPro was reportedly struggling with the late payment of salaries to current and former staff at the time of the breach. Although the company hasn't attributed the delay to the sabotage, the timing has raised questions about how financial woes can feed internal discontent.
The attack also highlights a rising but underappreciated threat across the tech sector: internal users with admin-level privileges and unresolved grudges. Insiders have an advantage over external hackers in that they know the guts of a system, its vulnerabilities, and where to do the most harm. In this instance, no sophisticated malware or phishing was necessary; a set of credentials and a motive were enough.
The startup's initial assumption that it had been hacked externally delayed finding the real cause. Forensic tests were not done before the team arrived at the conclusion that there was no involvement of an outside entity. The breach was completely homegrown.
What do we learn from this?
KiranaPro's experience is a case study in the consequences that result when HR procedures and cybersecurity measures do not intersect.
First, deactivation of credentials at offboarding has to become business as usual, particularly for firms dealing in sensitive infrastructure. Second, multi-level authentication and real-time activity tracking for administrative users have to become business as usual as well.
Third, isolated and encrypted regular backups need to be treated as non-negotiable assets rather than optional layers.
Finally, there is the human element. Startups need to understand that financial slowness, communication breakdown in layoffs, and insufficient emotional intelligence in employee transitions can all be building blocks of a poisonous culture, one in which digital revenge can be an outcome.
KiranaPro might have restored its data, but the actual warning is elsewhere: in an expanding environment where technical work takes precedence over procedural protection, even a single mistake can be the source of a breach, not from the outside but from within.