How to Avoid Liability When Ad Accounts Are Compromised or Overspend

You’re running ads for a client. Everything’s approved. But then an accident happens, or worse, the client’s account gets hacked. Suddenly, $100K in ad charges show up, and the client expects you to pay for it.

Without the right contract terms, this could become your problem.

What Can Go Wrong

  • A former employee still has access to the client’s Facebook Ads account and runs unauthorized campaigns.
  • A hacker compromises credentials and spends $100K in hours.
  • The client mistakenly authorizes a campaign, but disputes the cost after it runs.

If your contract doesn’t clearly assign responsibility, your agency could be blamed for something you didn’t control.

What Your Contract Should Say

  1. Client Owns the Ad Accounts: Make it clear that the client owns and controls the platform account (Google Ads, Meta, LinkedIn, etc.), not you.
  2. Client Pays All Ad Spend: You are not financially responsible for ad spend, even in the case of accident, error, or third-party misuse.
  3. Security Responsibility: Clients must maintain secure access and manage user permissions. If they ignore your advice and leave their account open, they accept the risk.
  4. No Guarantees on Performance: While you provide strategy and execution, you can’t promise platform results or protect against vendor-side issues.

How Monjur Helps

Monjur Pilot includes:

  • Attorney-approved SOW templates for agencies and creatives
  • Smart Hyperlinks that push liability and security language into every contract
  • AI Legal Assistants that guide your team on what’s enforceable and how to handle disputes

Bottom Line

If the ad account is hacked or overspends, the provider (you) should not be responsible, and your contract should say so.

Found this useful?
Share it with another MSP founder.
Rob Scott
About the author

Rob Scott

CEO & Co-Founder, Attorney

Attorney with 25+ years of MSP legal experience. Co-Founder of Scott & Scott, LLP and Monjur. Has overseen contracting for 1,000+ MSPs.

Rob Scott is an attorney with more than 25 years of experience in MSP and technology law, and the co-founder of both Scott & Scott, LLP and Monjur. He has overseen customer contracting for more than 1,000 managed service providers and built Monjur to bring attorney-supervised contract intelligence to the MSP industry.

Licensed in Texas since 1999, Rob earned his J.D. from the Maurice A. Deane School of Law at Hofstra University and his B.A. in Economics and Philosophy from Austin College. His practice focuses on software licensing, software audit defense, data privacy, and vendor risk, representing MSPs and enterprise clients in transactions and disputes with major software publishers.

Stop worrying about contracts

Attorney-supervised contract intelligence for MSPs.

We write and update your client contracts, and protect your business, so you don't have to.

See Monjur Pilot in your own MSA.

No slide deck. We'll pull up your actual contract and show you what Pilot would flag.

Schedule 20-minute demo →
1,000+ MSPs · 25+ years of MSP legal