Paw Patrol snacks withdrawn after hackers hijack QR code to show porn
Lidl has been forced to recall a range of Paw Patrol snacks over concerns that a QR code displayed on the packaging has been hacked to display unsuitable content.
The recall notice affects four products All Butter and Choc Chip flavored ‘Mini Biscotti Biscuits’ and Raspberry and Apple flavored ‘Yummy Bake Bars.’
It is unclear whether the recall affects other markets, however when we contacted Lidl GB, we were told: “this is a branded limited offer product that is not part of our core range and is also stocked by other retailers.”
QR code hack
According to the notice which was shared by the supermarket firm late last month, the German discount chain was “made aware that the URL of the supplier which is featured on the back of the packaging has been compromised and is being directed to a site that is not suitable for child consumption.”
Consumers scanning the QR code on mobile devices have been sent to a Chinese page displaying ads for explicit and pornographic content.
According to TechCrunch, the domain is registered to a person located in Lianyungang, a city in China, but previously belonged to Appy Kids Co., a sub-brand of Appy Foods & Drinks and the manufacturer of the affected Paw Patrol products. Appy Food & Drinks was dissolved more than a year ago according to public Companies House records.
According to Lidl’s website, it runs and operates almost 1,000 stores across the UK. Its notice continues: “We recommend that customers refrain from viewing the URL and return this product to the nearest store where a full refund will be given.”
The company said in an email to TechRadar Pro: “As soon as this was brought to our attention, we immediately launched an investigation with the supplier that owns the URL and withdrew the item from sale. As a precautionary measure we have also issued a public recall.”
- Browse the Internet with the best privacy tools and anonymous browsers, or try installing the best firewalls
- QR codes are being used in phishing attacks against US institutions
- Some of Google’s new domain names could pose a serious security risk