A Starbucks in Buenos Aires, Argentina was mining Monero (XMR) on customer’s devices without their permission. Twitter user Noah Dinkin noticed that a Starbucks location in Buenos Aires was utilizing their WiFi captive sign-in portal to force a 10-second delay when users first connected to the wifi in order to mine Monero. The user originally assumed that the Starbucks WiFi was attempting to mine Bitcoin, but it was in fact mining Monero. XMR is currently trading at $286.27 according to the Block Explorer Monero Price Index.
Hi @Starbucks @StarbucksAr did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop? Feels a little off-brand.. cc @GMFlickinger pic.twitter.com/VkVVdSfUtT
— Noah Dinkin (@imnoah) December 2, 2017
Starbucks has not responded to the outcry on social media about their use of Coinhive
The Palo Alto Networks Research Center has stated that they have seen 36,842 instances of Coinhive being implemented. Out of these 36,842 instances, they claim that a large quantity of these fall into the category of ‘compromised’, likely being the result of malicious script injection into vulnerable servers. In some cases, multiple copies have been injected and use up 100% of the user’s available resources. One specific payee identity alone is tied to over 35,000 of these instances.
Edit: Since the time of writing, Starbucks issued the following statement:
As soon as we were alerted of the situation in this specific store last week, we took swift action to ensure our third-party support provider resolved the issue and made the changes needed in order to ensure our customers could use Wi-Fi in our store safely.