
Cyber Incident Victim: LiveRamp

Date: Oct 2019

Location: United States of America

Summary

Hackers compromised a personal account of an employee at a major Facebook data partner, enabling unauthorized access to the company's Business Manager account on the social network. The attackers exploited this access to launch fraudulent advertising campaigns, leveraging the victim's privileged advertising access to disseminate scams and potentially steal financial information. This incident highlighted broader security risks targeting advertising ecosystems, where compromised business accounts can facilitate large-scale financial fraud and data theft. The affected marketing firm confirmed containment of the breach, while Facebook acknowledged a related Business Manager account compromise without explicitly naming the partner. Such breaches demonstrate how threat actors exploit trusted advertising partnerships to monetize malicious activities.


Description

In October 2019, hackers compromised the personal account of a LiveRamp employee to infiltrate the company’s Facebook Business Manager account. LiveRamp, a major Facebook data partner specializing in matching real-world consumer behavior with online identities for targeted advertising, provided privileged access to advertising tools on the social network. The attackers exploited this access to launch fraudulent advertising campaigns using compromised financial credentials from LiveRamp’s clients. These campaigns promoted scams such as counterfeit Ray-Ban sunglasses and other bogus offers, designed to steal credit card information from victims. The breach did not require compromising multiple accounts; a single employee’s credentials granted sufficient access to initiate large-scale malicious activities. Facebook confirmed in November 2019 that an admin account linked to a Business Manager had been hacked but did not publicly identify LiveRamp as the affected partner. The incident highlighted a pattern of attacks targeting Facebook’s advertising ecosystem, where compromised accounts could be weaponized to reach vast audiences.


The attack demonstrated how threat actors leveraged Facebook’s ad infrastructure for financial fraud, mirroring earlier incidents documented in a December 2019 Facebook lawsuit against a Chinese firm accused of hijacking ad accounts via malware-infected browser extensions. In that case, attackers stole at least $4 million through fraudulent ad spending between 2016 and 2019, promoting counterfeit goods and male enhancement products. While LiveRamp stated the October incident’s damage was contained, the breach exposed vulnerabilities in third-party access to Facebook’s advertising systems. No specific financial losses or data theft metrics were disclosed for the LiveRamp incident. Facebook declined to comment on the event, and LiveRamp emphasized its role as one of over 300 businesses integrated with Facebook’s data onboarding tools. The incident underscored the attractiveness of advertising accounts as high-value targets due to their financial linkages and broad audience reach.
