Heinz takes the heat over saucy porn QR code

Graham Cluley

SauceWhen you reach for a bottle of Heinz Hot Ketchup, you might find yourself end up on the receiving end of the wrong kind of hot stuff.

As BBC News and Bild report, that’s what happened to German ketchup lover Daniel Korell after he found a QR code on the side of a bottle of Heinz tomato ketchup was taking him to a pornographic website.

Korell reported the issue to Heinz, informing them that their ketchup “probably not for minors.”

That’s quite a pickle Heinz found itself in, and the company offered Korell a free bottle.

The FunDorado adult website, meanwhile, offered Korell a free membership, presumably delighted by the extra umm.. exposure.

QR code on sauce bottle

It’s worth remembering that QR codes can point to anywhere on the web. Feeble human brains don’t have a clue what a QR code is trying to say until the code is scanned, because the brain can’t read a QR code like they can a regular URL.

But in this case, it seems that Heinz failed to renew their registration of the domain name, allowing it to slip out of their hands before it was ultimately snatched up by an opportunistic x-rated site.

Maybe in future the marketing team will think it wiser to direct any future QR code through the official Heinz website, which they (hopefully) will always have control over, rather than a domain set up for a specific campaign.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Heinz takes the heat over saucy porn QR code”

  1. That's what's always put me off scanning QR codes. It might link to anything, inclusive of malware or illegal sites. They're a bit of a fad really if you ask me, and are flawed not only because scanning one is the equivalent of using a 'glory hole' but also because it's a lost opportunity (from a marketing perspective) to promote a human-readable url to a wider audience who might not be willing or able to scan things.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES