Magecart Attack: Hacker steals credit card info from Canada’s largest alcohol retailer

January 26, 2023

The LCBO, a major Canadian retailer, recently experienced a cybersecurity breach that compromised the personal information of thousands of customers. The incident, which was discovered on January 10th, affected the client-side of the company’s website through which LCBO conducts online sales. It resulted in the unauthorized access of sensitive information such as names, addresses, email addresses, LCBO.com account passwords, Aeroplan numbers, and credit card information. 

LCBO has stated “At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process.” 

The retailer said: “Unfortunately, customers who provided personal information on our check-out pages and proceeded to our payment page on LCBO.com between January 5, 2023, and January 10, 2023, are impacted.” 

The compromised personal information, the company says, includes names, addresses and email addresses.

Magecart Attack

Experts identified the web skimmer as a Magecart web skimmer. The malicious code injected was inside a Google Tag Manager (GTM) snippet encoded as Base64 to avoid detection. The use of legitimate tools like Google service is an ongoing practice by hackers to avoid detection. Once the Malicious script was loaded it allowed hackers to gain access to customer data from within the client-side environment. This highlights the importance of employing security controls within the client-side to mitigate these types of risks.

The incident at LCBO serves as a reminder that no company is immune to cybersecurity threats. This includes regularly updating software, implementing proper security controls on both the server-side and client-side of their applications, and properly training employees on how to respond to security threats to ensure that customer data is protected against the e-skimming security threats. In the wake of the breach, the LCBO has taken steps to address the issue and prevent similar incidents from happening in the future. This includes conducting a thorough investigation, updating software and security controls, and informing affected customers of the incident.

By staying vigilant and taking the necessary steps to protect their systems and customer information, online retailers can minimize the risk of a similar incident happening to them.

Malicious code can lie undetected right under the users' fingertips. Meanwhile, it captures their data from form fills, chatbots, and financial transaction pages.

Protecting Against Magecart Attacks

Client-side application security solutions and the use of automated tools to identify and report on web assets and related data can help organizations maintain appropriate defense levels.

If you’re an existing Feroot Security customer you already have detection and prevention against client-side attacks such as magecart, e-skimming, formjacking and others. Please ensure that alerts and controls are enabled. 

Not a Feroot customer? Schedule a chat with one of our client-side security experts to see how you can gain better visibility into your client-side attack surface.

Free Assessment

Security for Everyone that Visits Your Website

Find out if your web application is hiding vulnerable, malicious, or dangerous code that could damage your customers and your business. No payment information required.