"Website of Canadian Liquor Distributor LCBO Infected With Web Skimmer"

Canadian liquor distributor Liquor Control Board of Ontario (LCBO) has recently announced that a web skimmer injected into its online store was used to steal users’ personal data.  One of the largest liquor sellers in Canada, LCBO retails and distributes alcoholic beverages throughout the Ontario province, operating over 670 stores and employing more than 8,000 people.  Last week, LCBO abruptly took offline its online store and mobile application, only to later explain that it fell victim to a cyberattack in which a web skimmer was injected into LCBO.com.  The company stated that all individuals who provided their personal information on the online store’s check-out pages and made payments between January 5 and 10, 2023, are impacted.  The compromised personal information, the company says, includes names, addresses, email addresses, LCBO.com account passwords, Aeroplan numbers, and credit card information.  The company noted that this incident did not affect any orders placed through its mobile app.  LCBO did not share information on the number of impacted customers but said that it disabled customer access to both the online store and mobile app as a precautionary measure and that it also forced a password reset for all user accounts.  LCBO.com and its mobile app have been restored and are fully operational now.  Web skimmer attacks also referred to as Magecart attacks, are typically the result of a misconfiguration or unpatched vulnerabilities that allow threat actors to inject information stealer malware into a website and harvest the information of unsuspecting users.

SecurityWeek reports: "Website of Canadian Liquor Distributor LCBO Infected With Web Skimmer"