It's unclear who introduced the JavaScript into the websites -- it could've been a hacker, it could've been Showtime or its parent company CBS, though the latter seems less likely. But the Monero-mining scripts were written by a company called Coinhive, which provides this kind of code so that webmasters can choose to generate some revenue without having to resort to ads. The Pirate Bay did this recently. Coinhive told The Register, "We can't give out any specific information about the account owner as per our privacy terms. We don't know much about these keys or the user they belong to anyway."

The mining code is now gone from the websites and Showtime doesn't seem to want to talk about the incident. As for Coinhive, which seems to be perturbed by websites using its code without letting users know and a little irritated that it's now being blocked by adblockers, said on its website that it's working towards making its script opt-in, a move that would hopefully circumvent both issues. And in theory, prevent others from sneaking it into someone else's website.