Never in my life would I have expected a cybersecurity issue (at least not a non-food safety issue) to result in a food recall

Add this to your risk assessments

@PlainSimpleAlex Image description:
RECALL.
Paw Patrol snacks from Lidl.
All Butter Mini Biscotti Biscuits, Choc Chip Mini Biscotti Biscuits, Yummy Bake Bars Raspberry Flavour, Yummy Bake Bars Apple Flavour.
Website URL published on packaging has been compromised and contains explicit content unsuitable for children.
Refrain from viewing the website and return product to the nearest Lidl store for a full refund.
Photo of biscuit packages with dogs.

@GreenSkyOverMe

Thanks for adding an image description!

@PlainSimpleAlex

> "explicit content unsuitable for children"

I assume they're referring to the copaganda that's plainly indicated on the box

@JamesWidman @PlainSimpleAlex

What does "compromised" mean here? Did someone hack the CMS or have they simply forgotten to extend the printed domain and someone else grabbed it and placed stuff there?

@wifi_freak @JamesWidman @PlainSimpleAlex Seems to be more similar to the latter: the company went out of business, and so the domain name was not extended, and someone else grabbed it.

https://techcrunch.com/2023/09/01/lidl-recalls-paw-patrol-snacks-after-website-on-packaging-displayed-porn/


@PlainSimpleAlex Do we know anything about what the compromised website is and how it came to be out of their control?

@foundthefault @PlainSimpleAlex It appears to have been a website for the distributor which was lapsed in late 2022 and has been picked up by a porn site perhaps from China?

(On review: a whole lot of difficult-to-explain-to-small-children thumbnail vids with affiliate links to other porn sites, I think. Yeah this is kind of work for me because I can file it under "things to warn my clients about")

@PlainSimpleAlex @voltagex the first UK printing of The Matrix 3 on DVD had a typo, warnerbos dot co dot uk. Which I bought and redirected to goatse

@voltagex @PlainSimpleAlex which makes me think it's a typo in the domain in this case

A compromised server they could just shut down. If they can't, then the packaging is pointing to someone else's server

@directhex @voltagex @PlainSimpleAlex lapsed rego I suspect, as of a couple of years back (on archive.org) it looked like a legit site for a distributor of paw patrol branded snacks under .com but they have a new .co.uk domain now and perhaps just abandoned the old one?

I normally wouldn't post porn URLs but for science: appy kids co dot com ... you can just make it out if you search for high resolution images of the box pictured in the recall.

Yeah, this is the kind of thing I have to warn clients about. A domain is for life, not just for Christmas 😉

@directhex @PlainSimpleAlex @voltagex
this is a form of sexual assault, isn't it
@20centuryliterarymystery @PlainSimpleAlex @voltagex on the advice of friends I switched the redirect to a very negative review of the movie by internet personality "Maddox"
@PlainSimpleAlex what's the bet they made a typo on the packaging and someone realised and bought the typo domain
@ajft @PlainSimpleAlex
Idk, might also be they made a typo and the target website already existed and has always been explicit cop dog play.
For a site registered afterwards I'd be expecting malware and phishing, which is not in the warning.
@ospalh @PlainSimpleAlex reading all the articles I could find, sounds as though the packaging was done by a promotions company, the URL pointed to the promo co. website, promo co. is now out of business & someone typo. squatted on them
Appy Kids Co. | Food & Drinks for Children

We are Appy Kids Co. and we make #honestlygood Healthy and Affordable Food and Drinks that are loved by kids and trusted by parents.

Appy Kids Co.
Maryland License Plates Accidentally Promote a Filipino Gambling Website

It all started when the state's plates listed a website about the War of 1812—but the site changed hands, leaving nearly a million drivers inadvertently advertising gambling.

Car and Driver
@PlainSimpleAlex OK, but what's the URL? 😀
@PlainSimpleAlex have they heard about those nice little things called URL redirects?
@PlainSimpleAlex A more reasonable approach would be to hand out some free sharpies.
Paw Patrol-branded snacks in UK recalled for packaging sending kids to explicit website

Paw Patrol-branded kids' snacks have been recalled in the United Kingdom because their packaging contained the address of a website "not suitable" for children.

9News

Urgent recall: Paw Patrol snacks from Lidl

Website URL published on packaging has been compromised and contains explicit content unsuitable for children.

Refrain from viewing the website and return the product to the nearest Lidl store for a full refund.

Flavours and photos of packaging.

There is also a mysterious small heading at the top that says "Which?" Edit: turns out this is the name of a UK consumer advice magazine.

#alt4you @PlainSimpleAlex

@yingtai @PlainSimpleAlex 'Which?' is a UK consumer advice magazine
https://www.which.co.uk/
@johnchivall aha, thanks! Edited to add the explanation.

@PlainSimpleAlex please feel free to use my image description above!

Note: I couldn't fit the full list of flavours into 500 characters but maybe they're not essential.

@PlainSimpleAlex
Guessing they either typo’d the web address on the packet, or forgot to renew the domain.
If this were a cyber issue, they wouldn’t need to recall anything.
@PlainSimpleAlex I think @leo should bring this up in the next episode of Security Now.
@PlainSimpleAlex damn. This is a case for paw patrol.... Oh wait...
@PlainSimpleAlex Fascinating. Do you know whether the site is actually compromised or they just forgot to renew the domain?
@PlainSimpleAlex Do you reckon we'd get away with eating them first?
@PlainSimpleAlex
Wow.
Gosh, this takes me back to a class years ago when I warned about QR codes; they can, unfortunately, so easily be misused because there is no visible text and a child, and even adults, can be tricked into visiting something they don't want to visit.
Same applies to these doomed shortened links I have been fulminating about for ages.
@PlainSimpleAlex for some reason, flashed right back to Brass Eye's "panto the dog" site from the infamous Paedogeddon episode...
@PlainSimpleAlex hahaha, they probably refused the intern who did the whole site 😂
@PlainSimpleAlex P0rn patrol? *scnr* 😆
@PlainSimpleAlex So, did they actually print a legitimate URL which has now been compromised (surely the domain owner could easily point it at a different server), or did they misprint a URL that already contained porn / allow the domain to lapse and it's been reregistered by someone else?
@PlainSimpleAlex the children's librarian historical version of this was a 1-800 number listed in a book about fairies that was no longer owned by the publisher. Fortunately we could address that one by ripping out all of the contact us cards in the books
@PlainSimpleAlex
The site must be loving the free publicity. I can picture loads of dads going to the site "just to see what it is"…
@PlainSimpleAlex reminds me of the sesame street YouTube channel hijacking
@PlainSimpleAlex “Refrain from viewing the website”

@PlainSimpleAlex Oh boy! Digging into this a little further, the recall calls it a "compromised" website, but TechCrunch notes the company that made the treat went out of business in 2022 (https://techcrunch.com/2023/09/01/lidl-recalls-paw-patrol-snacks-after-website-on-packaging-displayed-porn/).

So, the company made the product (in early 2022?) put their current URL on it, but then went out of business and let their domain lapse. Someone re-bought the URL and is hosting explicit content on it? That's not really a security failure, but is an interesting edge case!


@PlainSimpleAlex

OK, who thought this was just a satirical internet post?

@PlainSimpleAlex and why is the best action recalling the boxes, not like, fixing the URL. Do they not own the domain or something?