Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Website of Canadian Liquor Distributor LCBO Infected With Web Skimmer

Canadian liquor distributor Liquor Control Board of Ontario said a web skimmer injected into its online store was used to steal data.

Canadian liquor distributor Liquor Control Board of Ontario (LCBO) has announced that a web skimmer injected into its online store was used to steal users’ personal data.

One of the largest liquor sellers in Canada, LCBO retails and distributes alcoholic beverages throughout the Ontario province, operating over 670 stores and employing more than 8,000 people.

Last week, the company abruptly took offline its online store and mobile application, only to later explain that it fell victim to a cyberattack in which a web skimmer was injected into LCBO.com.

“At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process,” the retailer said.

According to LCBO, all individuals who provided their personal information on the online store’s check-out pages and made payments between January 5 and 10, 2023, are impacted.

The compromised personal information, the company says, includes names, addresses, email addresses, LCBO.com account passwords, Aeroplan numbers, and credit card information.

“This incident did not affect any orders placed through our mobile app or vintagesshoponline.com,” the company said.

The company did not share information on the number of impacted customers, but said that it disabled customer access to both the online store and mobile app as a precautionary measure, and that it also forced a password reset for all user accounts.

Advertisement. Scroll to continue reading.

“LCBO.com and our mobile app have been restored and are fully operational. We have also reset all LCBO.com account passwords. Registered customers will be prompted to reset their password on login,” the company said.

Web skimmer attacks, also referred to as Magecart attacks, are typically the result of a misconfiguration or unpatched vulnerabilities that allow threat actors to inject information stealer malware into a website and harvest the information of unsuspecting users.

Magecart attacks have been around for years, with multiple groups operating under the umbrella and hundreds of online stores compromised to date. In 2019, a free service called URLscan.io was made available to help customers and retailers alike check for the presence of web skimmers.

Related: Hundreds of eCommerce Domains Infected With Google Tag Manager-Based Skimmers

Related: Target Open Sources Web Skimmer Detection Tool

Related: Web Skimmer Injected Into Hundreds of Magento-Powered Stores

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Matthew Cowell has assumed the role of VP of Strategic Alliances at Nozomi Networks. He previously served in the same role at Dragos.

Bret Arsenault is retiring from his full-time role after 35 years at Microsoft.

Social engineering defense platform Doppel has appointed Bobby Ford as Chief Strategy and Experience Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.