Cyber Incident Victim: Quebec Liberal Party

In June 2016, an unidentified white-hat hacker gained unauthorized access to the Quebec Liberal Party’s (PLQ) video conferencing system, enabling surveillance of internal meetings. The hacker exploited a security flaw in the software and discovered the system was configured with its factory-default administrator password, allowing repeated logins over an unspecified period. After accessing the platform, the individual observed multiple PLQ meetings between the party’s Quebec and Montreal branches, capturing details of discussions and recording video footage at will. To validate his claims, the hacker provided screenshots of the compromised feeds and disclosed specific meeting topics to a Le Journal de Montréal reporter, whom he contacted anonymously to relay the vulnerability. The intruder emphasized non-malicious intent, framing the intrusion as a responsible disclosure effort rather than an attack. PLQ officials later confirmed the breach but clarified that no nationally sensitive matters were discussed during the monitored sessions.

Upon being alerted to the breach via the journalist, PLQ initiated an investigation that confirmed the hacker’s access through the default credentials and software vulnerability. The party’s IT team resolved the issue within days by patching the security flaw and changing the system password, though they did not specify whether the default password or the software bug was the primary attack vector. No evidence suggested data exfiltration or additional system compromises beyond the video conferencing platform. The incident remained confined to unauthorized viewing of meetings, with no reported operational disruptions or financial impacts. PLQ did not disclose whether they notified law enforcement or implemented further security audits beyond the immediate remediation.