Stensul CEO Noah Dinkin recently revealed in a Twitter post that Starbucks’ free in-store WiFi in Buenos Aires was secretly hijacking customers’ laptops to mine cryptocurrency. The hijack came to light on Dec. 2, when Dinkin noticed a 10-second delay while connecting to the public WiFi at a Starbucks cafeteria in Buenos Aires, Argentina.
After a little research, he found that the devices of customers trying to access the free WiFi were being infected with malicious code that mined cryptocurrency. After the post went viral, Starbucks did apologize for the mishap, but only after several customers had been exposed to the hijack.
How did they do it?
Dinkin revealed that he had uncovered suspicious code embedded in Starbucks’ reward site for Argentina. It turned out to be Coinhive’s code, which generates Monero coins using the CPU processing power of the site’s visitors.
Covert cryptocurrency mining has been this year’s hot topic. Websites that surreptitiously use visitors’ CPUs to mine cryptocurrency are extremely controversial. The code can hide in pop-under windows and remain open indefinitely, consuming further processing power and slowing laptops and other devices. Such behavior might be expected of anarchist webmasters, but it’s hard to imagine global corporations stooping so low.
Hi @Starbucks @StarbucksAr did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer’s laptop? Feels a little off-brand.. cc @GMFlickinger pic.twitter.com/VkVVdSfUtT
— Noah Dinkin (@imnoah) December 2, 2017
Here’s what Starbucks replied:
As soon as we were alerted of the situation in this specific store last week, we took swift action to ensure our internet provider resolved the issue and made the changes needed in order to ensure our customers could use Wi-Fi in our store safely.
— Starbucks Coffee (@Starbucks) December 11, 2017
The company has also confirmed to Motherboard that this issue was confined to the Buenos Aires location, and that the issue was with the service provider and not Starbucks itself.