Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Facebook Sues Hackers Who Hijacked Advertising Agencies’ Accounts

Facebook Sues Hackers Who Hijacked Advertising Agencies’ Accounts

Facebook has filed lawsuits against two groups of suspects who took over advertising agency employees’ accounts and abused its ad platform to run unauthorized or deceptive ads.

The social network says that four Vietnamese nationals (Thêm Hữu Nguyễn, Lê Khang, Nguyễn Quốc Bảo, and Pham Hữu Dung) took over the Facebook accounts of multiple employees working at marketing and advertising agencies using a technique known as session theft (aka cookie theft).

Their victims’ Facebook login credentials were stolen using a malicious Android app named “Ad Manager for Facebook” created by the defendants and no longer available on the Google Play Store.

The app prompted the targets to enter their credentials and other sensitive information, later used by the suspects to take over their accounts and run over $36 million worth of Facebook ads without authorization.

Facebook refunded and helped the victims secure their accounts and is seeking to hold the attackers “accountable for creating the app, tricking people into installing it, compromising people’s Facebook accounts and then using those accounts to run deceptive ads.”

The company also sued California marketing company N&J USA Incorporated and its agents for running a bait-and-switch advertising scheme on Facebook’s ad platform.

“When someone clicked on one of these ads, they were redirected to third-party e-commerce websites to complete their purchase,” said Jessica Romero, Director of Platform Enforcement and Litigation.

“After paying for an item, users either never received anything or received merchandise that was different or of a lesser quality than what had been advertised.”

Also Read: Got Hacked? Here Are 5 Ways to Handle Data Breaches

Facebook fights platform abusers in court

This is the second time the social network giant has sued ad platform abusers for orchestrating account takeover attacks targeting Facebook accounts.

In 2019, Facebook sued one entity and two individuals for tricking its users into installing malware via Facebook ads.

The malware was designed to help the attackers take over targets’ Facebook accounts for running ads promoting counterfeit goods and diet pills.

These legal actions are part of a long series of instances where Facebook sued individuals and entities who abused the company’s platforms and services.

Notably, in March 2020, Facebook sued domain name registrar Namecheap and its Whoisguard proxy service “for registering domain names that aim to deceive people by pretending to be affiliated with Facebook apps,” frequently being used “for phishing, fraud and scams.”

In October 2019, Facebook filed another lawsuit against domain name registrar OnlineNIC and its ID Shield privacy service for allowing the registration of lookalike domains used in malicious campaigns.

Also Read: Compliance Course Singapore: Spotlight on the 3 Offerings

The same month, Facebook also sued Israeli cyber-surveillance firm NSO Group and Q Cyber Technologies, its parent company, for creating and selling a WhatsApp zero-day exploit used to attack high-profile targets, including government officials, diplomats, and journalists.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us