Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Website of Canadian Liquor Distributor LCBO Infected With Web Skimmer

Canadian liquor distributor Liquor Control Board of Ontario said a web skimmer injected into its online store was used to steal data.

Canadian liquor distributor Liquor Control Board of Ontario (LCBO) has announced that a web skimmer injected into its online store was used to steal users’ personal data.

One of the largest liquor sellers in Canada, LCBO retails and distributes alcoholic beverages throughout the Ontario province, operating over 670 stores and employing more than 8,000 people.

Last week, the company abruptly took offline its online store and mobile application, only to later explain that it fell victim to a cyberattack in which a web skimmer was injected into LCBO.com.

“At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process,” the retailer said.

According to LCBO, all individuals who provided their personal information on the online store’s check-out pages and made payments between January 5 and 10, 2023, are impacted.

The compromised personal information, the company says, includes names, addresses, email addresses, LCBO.com account passwords, Aeroplan numbers, and credit card information.

“This incident did not affect any orders placed through our mobile app or vintagesshoponline.com,” the company said.

Advertisement. Scroll to continue reading.

The company did not share information on the number of impacted customers, but said that it disabled customer access to both the online store and mobile app as a precautionary measure, and that it also forced a password reset for all user accounts.

“LCBO.com and our mobile app have been restored and are fully operational. We have also reset all LCBO.com account passwords. Registered customers will be prompted to reset their password on login,” the company said.

Web skimmer attacks, also referred to as Magecart attacks, are typically the result of a misconfiguration or unpatched vulnerabilities that allow threat actors to inject information stealer malware into a website and harvest the information of unsuspecting users.

Magecart attacks have been around for years, with multiple groups operating under the umbrella and hundreds of online stores compromised to date. In 2019, a free service called URLscan.io was made available to help customers and retailers alike check for the presence of web skimmers.

Related: Hundreds of eCommerce Domains Infected With Google Tag Manager-Based Skimmers

Related: Target Open Sources Web Skimmer Detection Tool

Related: Web Skimmer Injected Into Hundreds of Magento-Powered Stores

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.