30K Facebook Accounts Stolen via Google AppSheet Phish

Robert Moore · 2026-05-01

A newly uncovered phishing campaign linked to Vietnamese threat actors is using Google AppSheet as a phishing relay to compromise Facebook accounts. The operation, dubbed AccountDumpling by security firm Guardio, has already stolen roughly 30,000 Facebook accounts, which are then sold through an illicit storefront. ### How the Phishing Relay Works The attackers exploit Google AppSheet, a legitimate no-code app development platform, to create phishing pages that look like official Facebook login screens. These pages are distributed via email to unsuspecting users. When a target clicks the link, they land on a convincing fake login page hosted on AppSheet, which captures their credentials and session cookies. This approach is clever because AppSheet domains are often trusted by email filters. The phishing emails bypass traditional security checks, making them more likely to reach inboxes. Once credentials are stolen, the attackers use them to log into Facebook accounts, change passwords, and lock out the original owners.  ### The Scale of the Attack According to Guardio, the campaign has affected around 30,000 accounts so far. The stolen accounts are sold on a dedicated dark web storefront, with prices ranging from $10 to $50 per account depending on factors like account age, friend count, and activity level. Some accounts with high engagement or access to Facebook Ads Manager can fetch up to $200. The attackers are believed to be part of a Vietnamese cybercrime group, though their exact identity remains unknown. Guardio has reported the activity to Google and Facebook, and both companies are investigating. ### What This Means for You If you use Facebook for personal or business purposes, this campaign is a serious threat. Here's what you should do to protect yourself: - Enable two-factor authentication (2FA) on your Facebook account. Use an authenticator app, not SMS, for better security. - Be cautious of any email asking you to log into Facebook, even if it looks legitimate. Always check the URL before entering credentials. - Use a password manager to generate and store unique passwords for each account. Never reuse passwords across sites. - Consider using an antidetect browser to mask your digital fingerprint when managing multiple accounts. This adds an extra layer of privacy and makes it harder for attackers to track you. ### Why Antidetect Browsers Matter Here Antidetect browsers are tools that allow you to create multiple browser profiles, each with a unique fingerprint. This is useful for digital marketers, social media managers, and anyone who needs to manage multiple accounts without being flagged by platforms like Facebook. In the context of phishing attacks like AccountDumpling, an antidetect browser can help in two ways. First, it reduces the risk of your accounts being linked, so if one is compromised, others remain safe. Second, it makes it harder for attackers to profile you based on your browser fingerprint, which they can use to target you with personalized phishing emails. ### How to Stay Ahead of Phishing Threats Phishing campaigns are becoming more sophisticated, using trusted platforms like Google AppSheet to evade detection. To stay safe: - Regularly review your Facebook login history for any suspicious activity. - Use a dedicated email address for social media accounts to limit exposure. - Install browser extensions that block known phishing domains. - Keep your browser and operating system updated with the latest security patches. The AccountDumpling campaign is a reminder that even legitimate services can be weaponized by cybercriminals. By staying vigilant and using the right tools, you can reduce your risk of falling victim to such attacks. ### Final Thoughts The theft of 30,000 Facebook accounts via a Google AppSheet phishing relay is a wake-up call for anyone active on social media. The attackers are not just after your login credentials; they want to hijack your entire digital identity. By taking proactive steps like enabling 2FA, using unique passwords, and leveraging antidetect browsers, you can protect yourself from these evolving threats.