30K Facebook Accounts Stolen in Google AppSheet Phishing Blitz

Phishing Campaign Abuses Google AppSheet to Hijack 30,000 Facebook Accounts

According to recent reports, a sophisticated phishing operation linked to Vietnamese threat actors has compromised approximately 30,000 Facebook accounts. The campaign, tracked under the codename AccountDumpling by cybersecurity firm Guardio, leveraged Google AppSheet as a novel phishing relay to distribute malicious emails.

How the Attack Worked

The attackers exploited Google AppSheet, a legitimate no-code application platform, to create convincing phishing pages. Victims received emails that appeared to come from Facebook, prompting them to log in. Once credentials were entered, the attackers gained full access to the accounts.

Stolen Accounts Sold on Illicit Storefront

Rather than using the accounts for direct fraud, the threat actors sold them through a dedicated online storefront. This underground marketplace offered compromised accounts to buyers, generating profit from the stolen data.

Implications for Users

This incident highlights the evolving tactics of cybercriminals, who are increasingly abusing trusted platforms like Google services to evade detection. Users are advised to enable two-factor authentication and remain cautious of unsolicited login prompts.