When will Indian startups gonna take care of cybersecurity seriously ?

I open twitter for curiosity and this is what I see. Really dud e?

This has to be a disgruntled ex employee. Otherwise hackers dont delete code. They go after money, passwords, wallets (wazirx) etc. Deleting code? That's low.

Nobody should be given root credentials other than founders or super trusted people.

They can recover if github can give them backups. Their aws is gone i think unless they catch the ex employee who did it. They'll have to create a new account and set it up again.

Guys where do companies like Swiggy zomato or groww zerodha keep their root account credentials? I want to know how this is usually avoided? Please comment if you are infosec