Attackers injected malicious code into the LCBO website, allowing hackers to steal information about the victim when placing an order.
The Ontario Liquor Control Commission (LCBO), which sells alcoholic beverages at retail, spoke about a cyberattack that occurred on January 10th. According to the LCBO, the Magecart group is behind the cyber incident.
The commission said the hackers hacked into the LCBO website and injected it with malicious code that was used to steal customer credit card information at checkout. Therefore, the information of customers who paid for alcohol through the site between January 5, 2023 and January 10, 2023 could be compromised. In the hands of the attackers fell:
Passwords from LCBO.com accounts;
Information about credit cards.
The Commission noted that the cyber attack did not affect users who made payments through the LCBO mobile application or vintagesshoponline[.]com.
IT professionals continue to investigate the attack to identify affected customers and notify them of what happened. In addition, the LCBO website and app are temporarily down for the duration of the investigation.