How to Avoid Liability When Ad Accounts Are Compromised or Overspend - monjur

You’re running ads for a client. Everything’s approved. But then an accident happens—or worse, the client’s account gets hacked. Suddenly, $100K in ad charges show up, and the client expects you to pay for it.

Without the right contract terms, this could become your problem.

What Can Go Wrong

A former employee still has access to the client’s Facebook Ads account and runs unauthorized campaigns.
A hacker compromises credentials and spends $100K in hours.
The client mistakenly authorizes a campaign, but disputes the cost after it runs.

If your contract doesn’t clearly assign responsibility, your agency could be blamed for something you didn’t control.

What Your Contract Should Say

Client Owns the Ad Accounts: Make it clear that the client owns and controls the platform account (Google Ads, Meta, LinkedIn, etc.), not you.
Client Pays All Ad Spend: You are not financially responsible for ad spend—even in the case of accident, error, or third-party misuse.
Security Responsibility: Clients must maintain secure access and manage user permissions. If they ignore your advice and leave their account open, they accept the risk.
No Guarantees on Performance: While you provide strategy and execution, you can’t promise platform results or protect against vendor-side issues.

How Monjur Helps

Monjur Pilot includes:

Attorney-approved SOW templates for agencies and creatives
Smart Hyperlinks that push liability and security language into every contract
AI Legal Assistants that guide your team on what’s enforceable and how to handle disputes

Bottom Line

If the ad account is hacked or overspends, the provider (you) should not be responsible—and your contract should say so.