As soon as hackers take down your account, you normally get to see suspicious posts that might revolve around deals on products or stuff that you would never like buying online. But how about a situation where hackers plan to infiltrate the account of Facebook’s biggest data partners? Yes, we are going to talk about thousands of dollars and credit cards being stolen in a similar case.
Recently, hackers got access to the personal account of LiveRamp’s employee, only with the aim to get control over the Business Manager’s account and hoping to run scam through the ads with other’s money being spent on them.
By doing so, they successfully attacked one of Facebook’s most prominent data partners, however, the damage was still contained. The incident affected a limited number of LiveRamp customers and associated Ad Accounts, while Facebook actively informed the affected parties about it.
Although LiveRamp didn’t tell the exact number of customers who got affected by the hack and stated that the company has their security measures in place, especially for employees who deal with Facebook ads accounts, but there is one thing for sure that thousands of victim’s dollars were spent into tricking users buy fake products. Facebook, on the other hand, did confirm later in November that personal account of an admin for a Business Manager account but didn’t mention LiveRamp directly.
Nevertheless, LiveRamp and Facebook worked together to cut down unauthorized access and restore the functionality back to normal for its users.
This isn’t the first time that hackers targeted the hub of Facebook’s empire - the advertisers. As advertising has been Facebook's lifeline for a long period of time — considering how it is expected to add up $84 billion in revenue in 2020 with 2.2 billion users, the social media giant is becoming more and more effective with targeted ads. The company is facilitating businesses from around the world in the best way possible and hackers had to pay attention to their success.
Hence, the bad guys knew that they could scam countless people through the tools that marketers use on the social network.
So LiveRamp for Facebook helps advertisers target ads on the basis of data derived from a user’s offline activities and they also integrated Facebook’s Offline Conversions API to help the same advertisers see the effectiveness of their marketing campaigns with knowing how many people actually bought the product.
Liveramp doesn’t run ads on behalf of Facebook itself but it still has access to do so being a Facebook approved partner. Hence, when hackers ran a series of ads on LiveRamp's customer accounts on Facebook, one of the ads was viewed more than 60,000 times and further directed users to a page that was made to steal the credit card details of users.
However, Facebook only goes with the policy of recommending these security measures and not making it a requirement even for its big partners like LiveRamp which is a big problem actually.
Marcin Kleczynski, CEO of cybersecurity company Malwarebytes raised the concern regarding how Facebook doesn’t require separate Business Manager account and instead users can manage their multi-million dollar pages all through their personal profiles.
He further questioned that why Facebook never opted for higher standards when it comes to bigger partners, especially after knowing how people go for poor security habits including reusing the same password everywhere or not turning on two-factor authentication.
Honestly, till the time Facebook doesn’t make important security measurements a requirement, cybercriminals would have a better chance to have access to million-dollar advertising campaigns all by attacking personal profiles.
Photo: Digital Information World.
Read next: Facebook will pay $550 million in Settlement for improperly collecting biometric data
Hat Tip: Cnet.
Recently, hackers got access to the personal account of LiveRamp’s employee, only with the aim to get control over the Business Manager’s account and hoping to run scam through the ads with other’s money being spent on them.
By doing so, they successfully attacked one of Facebook’s most prominent data partners, however, the damage was still contained. The incident affected a limited number of LiveRamp customers and associated Ad Accounts, while Facebook actively informed the affected parties about it.
Although LiveRamp didn’t tell the exact number of customers who got affected by the hack and stated that the company has their security measures in place, especially for employees who deal with Facebook ads accounts, but there is one thing for sure that thousands of victim’s dollars were spent into tricking users buy fake products. Facebook, on the other hand, did confirm later in November that personal account of an admin for a Business Manager account but didn’t mention LiveRamp directly.
Nevertheless, LiveRamp and Facebook worked together to cut down unauthorized access and restore the functionality back to normal for its users.
This isn’t the first time that hackers targeted the hub of Facebook’s empire - the advertisers. As advertising has been Facebook's lifeline for a long period of time — considering how it is expected to add up $84 billion in revenue in 2020 with 2.2 billion users, the social media giant is becoming more and more effective with targeted ads. The company is facilitating businesses from around the world in the best way possible and hackers had to pay attention to their success.
Hence, the bad guys knew that they could scam countless people through the tools that marketers use on the social network.
Why Was LiveRamp Worth It?
Besides being a big data partner for Facebook, LiveRamp is a marketing powerhouse that has earned its name for matching data from the real world actions to online identities, helping advertisers more than their expectations. Thus that is also the reason why LiveRamp is favorite of more than 300 businesses and data providers which includes big names like Google, MasterCard, Uber, Snapchat, Spotify and Equifax.So LiveRamp for Facebook helps advertisers target ads on the basis of data derived from a user’s offline activities and they also integrated Facebook’s Offline Conversions API to help the same advertisers see the effectiveness of their marketing campaigns with knowing how many people actually bought the product.
Liveramp doesn’t run ads on behalf of Facebook itself but it still has access to do so being a Facebook approved partner. Hence, when hackers ran a series of ads on LiveRamp's customer accounts on Facebook, one of the ads was viewed more than 60,000 times and further directed users to a page that was made to steal the credit card details of users.
Facebook’s Security
Facebook continuously reminds its users of a number of security tools which primarily includes two-factor authentication and login alerts, just so that one should know if a hacker has tried to intrude. The social network even offers Security Center page for business accounts, along with a recommendation that businesses should go for quarterly security cleanups to make sure that employees don’t have unnecessary access.However, Facebook only goes with the policy of recommending these security measures and not making it a requirement even for its big partners like LiveRamp which is a big problem actually.
Marcin Kleczynski, CEO of cybersecurity company Malwarebytes raised the concern regarding how Facebook doesn’t require separate Business Manager account and instead users can manage their multi-million dollar pages all through their personal profiles.
He further questioned that why Facebook never opted for higher standards when it comes to bigger partners, especially after knowing how people go for poor security habits including reusing the same password everywhere or not turning on two-factor authentication.
Honestly, till the time Facebook doesn’t make important security measurements a requirement, cybercriminals would have a better chance to have access to million-dollar advertising campaigns all by attacking personal profiles.
Photo: Digital Information World.
Read next: Facebook will pay $550 million in Settlement for improperly collecting biometric data
Hat Tip: Cnet.