Hackers Hijacked an Internet Provider to Mine Cryptocurrency with Laptops In Starbucks

When Noah Dinkin, CEO of Stensul, a platform that helps marketers craft emails, visited a Starbucks in Buenos Aires last week, he discovered that the store’s Wi-Fi provider was hijacking his laptop to mine a digital currency. At the time, a Starbucks spokesperson stated that the issue was resolved quickly and wasn’t widespread, but Dinkin disagreed on the latter point. “This was observed by a friend and I in three separate Starbucks stores in Buenos Aires over multiple days following my original tweet, that week,” he wrote on Twitter on Wednesday. “It wasn't just one store.”

The Argentine internet provider responsible for Starbucks’ Wi-Fi in Buenos Aires—Fibertel— blamed hackers for planting the miner code on their network.

“Fibertel detected a security intrusion on one of the equipment that forms part of the Wi-Fi access solution that [we] provide to our client Starbucks Argentina,” Fibertel spokesperson Florencia Marcote said in an email. “The incident was identified and solved immediately by the specialized support.”

“It is not about any Fibertel practice, but an intrusion of security,” Marcote continued.

Cryptocurrency miners hijack your computer’s resources—usually your CPU—to crunch some math problems in order to generate digital coins. These scripts can impact your computer’s performance.

Dinkin noticed a 10-second delay when connecting to the Starbucks location’s Wi-Fi, so he checked the source code of the landing page and found a script for CoinHive, a popular embeddable cryptocurrency miner. Over the next few days, he and a friend checked at two more Starbucks locations in Buenos Aires and found the same code in both.

“Our stores are where a lot of our customers go to do personal things and conduct business, so we want to make sure that they’re safe and secure,” Reggie Borges, a Starbucks spokesperson, said over the phone. “Any time we see something that could happen in other places, we have to check it to make sure there’s no vulnerabilities and take next steps.”

According to Fibertel, the issue was isolated to Buenos Aires and has been resolved.

“This happened only [locally] in Buenos Aires and is completely solved since last week,” spokesperson Marcote wrote in an email.

With the value of cryptocurrencies skyrocketing, the incident in Argentina may be a pale horse as criminals continue to find ways to get other people to generate digital coins for them.