The Canadian distributor of alcoholic beverages Liquor Control Board of Ontario (LCBO) was attacked by Magecart, which led to the compromise of personal data of users.

LCBO is one of the largest sellers of alcoholic beverages in Canada and sells alcoholic beverages throughout the province of Ontario, operating more than 670 stores with a total staff of almost 8000 people.

Last week, the company suddenly shut down its online store and mobile app, but later explained that it was the victim of a cyberattack during which the site LCBO.com a web skimmer was implemented.

According to the company's statements, all persons who provided their personal information on the checkout pages in the online store and made payments in the period from January 5 to January 10, 2023 are affected.

According to the company, the compromised personal information includes names, addresses, email addresses, account passwords LCBO.com , Aeroplan numbers and credit card information.

As a first precaution, the company disabled customer access to both the online store and the mobile application, and also forcibly reset passwords for all user accounts.

LCBO did not share information about the number of affected customers, but said they were continuing to investigate the incident.

However, researchers from Recorded Future reported that over the past three months, the website was visited by an average of 3,058,000 people per month, of which 94% were in Canada and 3% in the United States. 

Based on the potential number of affected customers, this incident was among the five largest monthly electronic skimming infections in the Recorded Future rating for December.

There are no technical details of the Magecart attack yet, but this is usually the result of an incorrect configuration or uncovered vulnerabilities that allow attackers to introduce malware to steal information.

What is known is that hackers have embedded jаvascript on the website, which allowed them to exfiltrate the data stolen from the checkout page.

The researchers of Recorded Future stated that since August 2020 they have already seen this form of hacking on various resources