Heinz QR porn code too saucy for ketchup customer

  • Published
HeinzImage source, Daniel Korell
Image caption,
Heinz said it had taken steps to prevent the issue recurring

The food company Heinz has apologised after a QR code on a bottle of tomato ketchup directed people to a pornography website.

The company said that the code was out of date and that it was taking steps to prevent it happening again.

The issue was spotted by Daniel Korell, a customer in Germany, who reported it to the company.

The issue was illustrative of the potential dangers of QR codes, according to one security expert.

The code, which people can scan using a smartphone in order to access content online, was supposed to direct browsers to a site where users could design their own label for a bottle of Heinz Tomato Ketchup Hot, as part of a promotion by the company.

Instead, the URL was hosting porn.

"I happened to scan it during lunch and I was a bit surprised where I got redirected to," Mr Korell told the BBC. "I found it rather funny and thought it was worth [sharing] on Heinz's Facebook page."

Registration lapsed

He reported the issue to the company after spotting it in late May, telling them: "Your ketchup is probably not for minors."

He said he believed he bought the bottle recently, but that the registration of the URL had lapsed because the related promotion had ended. The site is no longer live. Mr Korell said Heinz sent him a free bottle as a thank you.

A spokesman for the company said: "Heinz in Germany has apologised for the way in which an out-of-date QR code and website link to design a Ketchup label in 2014 has been reassigned to an adult content site.

"Clearly this was never our intention and we are taking steps to avoid this reoccurring."

Graham Cluley, an online security expert, said: "QR codes can point to anywhere on the web. The problem is that humans don't have a clue where they're going to be taken because their brain can't read a QR code, like they can a regular URL.

"It seems [Heinz] failed to renew their registration of the domain name, so it slipped out of their hands and was snatched up by an opportunistic porn site.

"Maybe in future they'll think of redirecting any customers via heinz.com, rather than directly to a custom site for a specific campaign."