Big marketing company is hacked; criminals spend thousands of dollars on fake Facebook ads about penis enlargement pills

Many times hackers target individual social media users, mainly Facebook, to show them ads that might interest them, such as unusual discounts on various products. However, data protection experts mention that, by attacking major companies, such malicious campaigns can reach an incredible amount of unsuspecting users looking to extract data from their payment cards.

This is precisely what happened in October 2019, when a group of hackers took control of the personal account of a LiveRamp employee, one of Facebook’s leading data management partners. Threat actors used the employee’s login credentials to gain access to the company’s Business Manager to launch ads using other people’s money.

It should be remembered that advertising is what keeps Facebook alive. During 2020, the social network is expected to generate profits of around $84 billion USD in advertising, mainly due to the effectiveness in ad-targeting specific audiences, as mentioned by data protection users.

Regarding LiveRamp, it is an important Facebook partner and a global marketing powerhouse. This company pioneered data incorporation, combining users’ online identity with real-world action data, such as purchases in physical stores. By compromising a LiveRamp account, threat actors achieved wide reach in their social media fraud.

After stealing the LiveRamp employee’s login credentials, hackers began posting multiple advertisements at the expense of companies that legitimately invested money for advertising placement. Hackers’ publications advertised non-existent products, such as sunglasses, accessories for technological devices, and even penis enlargement pills.

In a statement, LiveRamp released some details about the incident: “A limited number of LiveRamp customers and associated accounts have been affected. Facebook quickly reported the incident to the compromised accounts and appropriate steps were taken to block unauthorized access.”

It is not yet known how many users fell into the scam, as LiveRamp mentions that no further details will be published until the ongoing investigation is complete. However, sources close to the company mention that the most-viewed fraudulent ads could have reached more than 50,000 viewers. By clicking on these advertisements, the user was redirected to a malicious site to extract their banking details.

Data protection experts at the International Institute of Cyber Security (IICS) have tracked similar cases on multiple occasions. While these incidents can occur in a variety of ways, the goal is always to collect sensitive information from users; as a prevention measure, it is recommended to ignore Facebook ads with offers too good to be true.