Wi-Fi at Starbucks hijacked computers to mine cryptocurrencies
The issue was initially reported early in December by an executive of a New York-based technology company, who noticed that while he got coffee in a Starbucks store in Buenos Aires, his laptop received a malicious crypto-currency mining code.
Hi @Starbucks@StarbucksAr did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop? Feels a little off-brand.. cc @GMFlickingerpic.twitter.com/VkVVdSfUtT— Noah Dinkin (@imnoah) December 2, 2017
While the initial report stated the malicious code was mining bitcoins, other Twitter users pointed out that the website hosting the script was mining another cryptocurrency, monero.
Starbucks acknowledged the issue on Monday. The coffee giant said it had investigated the report and “took swift action to ensure our internet provider resolved the issue and made the changes needed in order to ensure our customers could use Wi-Fi in our store safely.”
As soon as we were alerted of the situation in this specific store last week, we took swift action to ensure our internet provider resolved the issue and made the changes needed in order to ensure our customers could use Wi-Fi in our store safely.— Starbucks Coffee (@Starbucks) December 11, 2017
The malicious code problem appeared to be not widespread, but a local one, according to the company, which shifted the blame for the script injection onto its Wi-Fi provider.
“Last week, we were alerted to the issue and we reached out to our internet service provider—the Wi-Fi is not run by Starbucks, it's not something we own or control,” Starbucks’ spokesperson told the Motherboard. “We don't have any concern that this is widespread across any of our stores.”
The monero token appears to be quite popular with so-called “crypto-jackers,” as it can be mined on home computers without any specialized hardware. The Starbucks’ acknowledgment has come at the same time as a report alleging that a number of popular video sites, including Openload, Streamango, Rapidvideo, and OnlineVideoConverter, have been infecting users’ devices with a code to mine monero.