Now, coffee shop is not just a place to sip a cup of delicious coffee, but also enjoy free internet. Unfortunately, this free internet is often unsafe because it is often hacked. Starbucks, which is one of the most famous coffee shops recently received public scrutiny after their internet connection hacked by a hacker to mine Bitcoin.
Ever since The Pirate Bay tested Coinhive on its website various actors starting using the code to take advantage of other people’s CPUs, leading to a Monero mining craze in which the code was even placed on Google Chrome extensions, and on a subscription streaming service called Fight Pass, belonging to mixed martial-arts powerhouse Ultimate Fighting Championship (UFC).
The latest case of an organization using Coinhive’s code to mine Monero with people’s CPUs is that of a Starbucks in Buenos Aires, whose Wi-Fi provider forced a 10 second delay when connecting so it could mine the cryptocurrency with people’s laptops.
The issue was found by the chief executive of a New York-based tech company, Noah Dinkin, who noticed something was off when he was connecting to the service. He then used Twitter to share what he found:
Hi @Starbucks @StarbucksAr did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer’s laptop? Feels a little off-brand.. cc @GMFlickinger pic.twitter.com/VkVVdSfUtT
— Noah Dinkin (@imnoah) 2 Desember 2017
Although Dinkin believed his laptop was being forced to mine bitcoin, users noted Coinhive only works with Monero, a cryptocurrency optimized for CPU mining that recently hit a new all-time high above $300, and that surged over 1,500% this year so far, according to data from CoinMarketCap.
A few days after Dinkin shared his findings on Twitter, Starbucks responded. The company acknowledged the issue and announced that it’s been resolved.
As soon as we were alerted of the situation in this specific store last week, we took swift action to ensure our internet provider resolved the issue and made the changes needed in order to ensure our customers could use Wi-Fi in our store safely.
— Starbucks Coffee (@Starbucks) 11 Desember 2017
A spokesperson later on clarified that it was an isolated incident, and that the problem came from the internet service provider, not Starbucks. Speaking to Motherboard, the spokesperson added that Starbucks wants to ensure its customers are “able to search the internet over Wi-Fi securely,” and that as such the company works closely with its service provider.
Cybersecurity experts Don Smith, while speaking to the BBC, revealed that the incident shows public Wi-Fi users should ensure they used updated software, while staying on the lookout for suspicious activity. He stated:
“Always be wary when connecting to untrusted networks, public wi-fi hotspots are untrusted to you even if they are provided by a trusted brand (… ) Indeed, connecting to these networks gives the provider an ability to intercept your communications. However, we should not scaremonger unnecessarily, these can be useful services and the abuse of these services is definitely the exception not the rule.”
In a follow-up tweet, Dinkin revealed that the code was found in three separate Starbucks locations over multiple days, and that the internet service’s Terms of Service (TOS) didn’t mention the Monero mining code.