Hey guys, so I work pre-press and I set up client artwork for a packaging printing company and something freaky has been happening to the QR codes whenever we put them into drop box
The QR codes are supposed to go to the client websites but recently the QR codes appear to alter while in the drop box after we approve them for print and then right before it’s sent to print (so it’s not caught by us, and our production team isn’t trained to triple check the artwork). And it uh… redirects to a porn website, not cool.
We suspect an ex-employee is sabotaging us (we’ve upgraded security) but i was wondering if it might be some… complicated virus?
It only happens to one of our computers, so it seems like someone is framing him, but there is absolutely no reason for an ex-employee to do that, he’s a nice guy. Which makes me also think maybe there’s some kind of… malicious program on his computer??? I’m pretty sure it’s too complicated and specific for a robot, but what do i know about that?

Looking into the version history in drop box it does appear that the original file is deleted and then reuploaded with a naughty file. The IP address is not far from our location at all, appears to be a public library.

If it is some crazy advanced virus, does anyone know what to do?? If it’s a saboteur does anyone know what to do??? Change your passwords often people!!

even if this doesn’t get solved, it’s kind of a funny story. We’ve lost thousands of dollars, but it’s still kind of hilarious.

I’d say yeah, that’s too specific to be a virus! Gotta be a person. Pretty funny though–sorry it cost you a chunk though, that’s never the funny bit.

Dropbox should show you which user uploaded the file… If it’s not that person and you believe them, it probably means the account login was compromised. Just change the password on that account, and also might as well change the password on the email address that account is linked up to.

So, here’s a question/thought, could it be a dynamic QR code that someone is altering what it links to after the fact? That way they’re not changing the code itself.

Craig, he says the timestamp is altered via a delete/re-upload.

Do what Silence suggests right away.

The part about the IP going to a local library… if you are out several thousand dollars, you have an IP address and a time stamp of the file change, notify the police. Most libraries have logs of who uses the computers, often times requiring an ID. If it is someone using the library wi-fi you might be more out of luck, but they may have access logs or security cams. If you suspect an ex-employee, you know who to look for.

Yeah we’ve changed the passwords and we have two step log in now.

We’ve notified the police and we’re trying to get the library to cooperate with us, they have security footage but they can’t release it without legal authorization, which is totally understanding.

Oh we know exactly who to look for.