Argentinian Starbucks Rewards Site Mined Monero Using Visitors’ Computers

We have seen a lot of companies use browser-embedded mining scripts to piggyback on visitors’ user resources. In virtually every case, such scripts are used to mine Monero, a very popular altcoin with a strong focus on privacy and anonymity. One thing no one would have expected is how Starbucks has embarked on such an undertaking as well. Or more specifically, the company’s in-store WiFi provider has done so. It’s a very troublesome development for Argentinian coffee lovers, to say the least.

Starbucks and Monero Mining

It is somewhat disconcerting to learn that people can’t even connect to a free WiFi network at Starbucks without having their computer resources used for nefarious purposes. More specifically, anyone connecting to Starbucks’ free WiFi network in Argentina may have noticed their computer slow down considerably. This is only normal, as the WiFi provider at Starbucks locations throughout Argentina somehow implemented a Monero mining script on the coffee giant’s rewards site.

As you would expect, there are plenty of risks associated with using public WiFi hotspots. They are anything but secure, and it now seems some of them even hijack computer resources. That is simply unacceptable, even though Starbucks itself is not to blame for this incident. Granted, it could have monitored the situation a bit better, but it also trusts third-party service providers to handle its free WiFi infrastructure. Unfortunately, it seems that trust wasn’t justified in this case.

For the time being, it remains a bit unclear how this was possible in the first place. We do know the Coinhive script was embedded on the Argentinian Starbucks reward website. This was discovered in Buenos Aires, although it is possible that locations in other cities were affected as well. Noah Dinkin, who discovered the problem, noticed a ten-second delay when connecting to the free Starbucks WiFi network, which gave the script a brief period in which to mine Monero using a visitor’s computer resources.

All of this goes to show one should be wary when it comes to free WiFi networks these days. Although there is usually a catch when using such a connection, the tradeoff can be quite steep. That’s especially true when a site mines Monero with one’s computer without displaying a warning or letting one opt out. It is a very problematic situation, which goes to show the concept of in-browser Monero mining is still quite popular in a lot of places.

Starbucks has yet to issue an official response to this news. It is evident the coffee giant may not be actively involved in the mining process, but it will certainly be scrutinized for its connection in this regard. After all, it is the company’s Argentinian rewards site which was used to mine Monero, and the company should have sole access to the backend. That doesn’t appear to be the case, though, and it is unclear whether the script in question has been removed.

The Argentinian Starbucks rewards site is only the latest in a growing list of platforms affected by hidden Coinhive scripts. Other entities affected include Showtime Networks, UFC Fight Pass, and a few others. Moreover, there is growing concern about these miners continuing to run in the background even after users have left the site or closed their browser. It is a very disturbing trend, yet it’s one that will probably continue for quite some time to come.