Cyber attackers compromised the website of the Liquor Control Board of Ontario and stole the personal information of customers who bought products online, the retailer has admitted.
The Crown corporation said in a news release Thursday, “At this time, we can confirm that an unauthorized party embedded malicious code into our website, which was designed to obtain customer information during the checkout process. “
“Unfortunately, customers who provided personal information on our check-out pages and proceeded to our payment page on LCBO.com between January 5, 2023 and January 10, 2023 may have had their information compromised. This may include name, email and mailing addresses, Aeroplan number, LCBO.com account password and credit card information. This incident has not affected any orders placed through our mobile app or vintageshoponline.com.”
The retailer is still investigating the hack to identify specific customers affected so it can communicate with them directly. Out of an abundance of caution, customers who initiate or complete payment for an order on LCBO.com during this window are advised to monitor their credit card statements and report any suspicious transactions to their credit card providers. .
“With a thorough review and testing of the website, including improved security and monitoring measures, LCBO.com and our mobile app have been restored and are fully operational,” the board said. It has also forced people with LCBO.com accounts to reset their passwords.
There are many types of website compromise, but the addition of code – usually JavaScript – to scrape customer information or insert a fake checkout page is broadly referred to as a Magecart attack. according to ImpervaVictims of Magecart attacks include sites that run Adobe’s open-source Magento e-commerce platform (hence the name Magecart). Victims of Magecart-style attacks include British Airways, children’s apparel maker Hanna Andersen, and even Amazon S3 buckets.
IT World Canada Many others have been reported including WooCommerce Installation And Restaurants using the MenuDrive, HarborTouch and InTouchPos systems.
Sansec researchers believe that from 2010 to mid-2022, more than 70,000 compromised online stores contained a digital skimmer at one point. More than 100,000 stores were affected, including the victims of the supply chain attack. Sansec says there are over 200 different Magecart malware families,
Common targets are e-commerce platforms such as Magento, WooCommerce, Prestashop, Opencart and Bigcommerce, as they are used by so many online retailers.
Imperva says that to reduce the risk of Mazcart and other types of client-side attacks, retailers should:
- Identify third-party JavaScript – Create a list of all third-party JavaScript code on their websites.
- Ask third party vendors to audit their code – To make sure it is their original code and does not contain any malicious instructions or malware.
- Switch from third-party to first-party services – Whenever possible, prefer to run software on your own servers and do not use third-party services. This can prove to be a challenge, as most storefronts today rely heavily on third-party vendors.
- implement HTTP Content-Security-Policy header – Which provides an additional layer of protection against cross-site scripting (XSS), clickjacking, and other code injection attacks.
