If you had scanned the QR code printed on a Maggi Hot Cup label recently, you may have been led to a malicious website instead of maggi.com.my. As reported by Marketing Magazine, Nestle claims that they “accidentally printed the Mad Labs Q code on 170,000 tonnes of packages across 38 of their Maggi products.” That’s an estimated 2.6 billion packets of noodles.
Mad Labs is a tech marketing company that created the QR code. According to the MD of Mad Labs, Ron Chow, the QR code was first generated in 2014 as part of a trial run for one of Nestle’s campaigns which was slated to run for six months. However, the project was later canned.
At the end of October 2018, four years after, however, Nestle informed Mad Labs that they had accidentally printed the QR code on its products.
Scanning the QR code on the Maggi Hot Cup noodle would lead to madlabs.com.my, which would then redirect to an external malicious website afterwards.
Mad Labs’ Chow said the company’s servers were hacked on multiple occasions in 2018 and subsequently police reports were made on 29 November.
Nestle has also lodged reports to the police and relevant government authorities. A spokesperson from Nestle said that attempts to reach out to Mad Labs to divert the link back to the correct website has been unsuccessful.
Marketing Magazine also discovered that a significant number of Milo products were also linked to QR codes created and owned by Mad Labs. It was found that at least six Milo products used a QR code that links to the domain www.codr.my, also owned by Mad Labs.
The Malaysian Communications and Multimedia Commission (MCMC) has blocked access to the domain madlabs.com.my and may take similar action on www.codr.my.