The free Wi-Fi at a Starbucks store in Argentina was hacked to infect customers' personal devices with a code used to mine cryptocurrencies, the coffee giant has confirmed.
The threat was initially reported by an executive of a New-York based tech firm, who noticed the malicious code on his laptop while getting coffee at Starbucks in Buenos Aires.
Hi @Starbucks @StarbucksAr did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop? Feels a little off-brand.. cc @GMFlickinger pic.twitter.com/VkVVdSfUtT
— Noah Dinkin (@imnoah) December 2, 2017
While the man's initial tweet tied the code to Bitcoin mining, other Twitter users pointed out that the code's host site was also mining Monero, another cryptocurrency.
Starbucks responded to the report Monday, saying it had investigated the issue and taken "swift action to ensure our internet provider resolved the issue and made the changes needed in order to ensure our customers could use Wi-Fi in our store safely."
The company added that the malicious code appeared to be a local issue, shifting the blame onto its area Wi-Fi provider.
"Last week, we were alerted to the issue and we reached out to our internet service provider—the Wi-Fi is not run by Starbucks, it's not something we own or control," said one Starbucks' representative. "We don't have any concern that this is widespread across any of our stores."
As soon as we were alerted of the situation in this specific store last week, we took swift action to ensure our internet provider resolved the issue and made the changes needed in order to ensure our customers could use Wi-Fi in our store safely.
— Starbucks Coffee (@Starbucks) December 11, 2017
Monero appears to be a popular choice for "crypto-jackers," as it can be mined on personal computers without specialized hardware, and because it cannot be traced according to its founders.
The Starbucks report emerged at the same time as allegations that frequented video sites, including Streamango, Rapidvideo, Openload and OnlineVideoConverter, are infecting users' devices with Monero-mining codes.