MLXIO
Facebook profile lock screen on a smartphone
CybersecurityMay 1, 2026· 7 min read· By MLXIO Insights Team

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

Share

MLXIO Intelligence

Analysis Snapshot

Updated on May 1, 2026

Introduction to the AccountDumpling Facebook Account Hack

A massive Facebook hack just hit 30,000 people, all thanks to a sneaky phishing trick using Google’s AppSheet. Security firm Guardio found a group with links to Vietnam behind this hit, calling the operation “AccountDumpling.” These hackers used Google’s trusted tools to slip by defenses and steal login info. Then, they sold the stolen Facebook accounts like items at a store.

This attack matters because it shows how cybercriminals are finding new ways to trick people and get around security. Social media hacks can lead to stolen money, lost privacy, and even threats to businesses. The AccountDumpling campaign is the latest sign that hackers now use everyday tools—like Google services—to pull off big crimes [Source: The Hacker News].

How the Google AppSheet Phishing Campaign Operated

Google AppSheet is a tool that lets people build apps without coding. Businesses use it to make simple tools for work. But in this case, hackers twisted AppSheet into a relay for phishing. They set up fake apps on AppSheet and sent out emails with links to these apps. Because the emails and links came from a trusted Google platform, spam filters and users were less likely to get suspicious.

The phishing emails looked real and often pretended to be about Facebook alerts—like password resets or security checks. When a person clicked the link, they landed on a page that looked just like Facebook’s login screen. If they entered their username and password, the hackers grabbed that info right away.

AppSheet’s trusted status gave the attack a big advantage. Most people trust Google platforms, so the links in these emails didn’t trigger automatic warnings. Security filters also often let AppSheet traffic through, making it hard for companies to block this kind of phishing. In other words, the hackers hid behind Google’s good name to do their dirty work.

The stolen logins let attackers break into real Facebook accounts quickly. From there, they could steal more data, send out more phishing attacks, or sell the accounts for profit. This method made it easy to reach thousands of people fast, using a platform built for good [Source: The Hacker News].

Scope and Impact of the AccountDumpling Campaign on Facebook Users

The AccountDumpling attack hit about 30,000 Facebook accounts. That’s like the population of a small town all losing their keys on the same day. The campaign didn’t just hit random people—it targeted a mix of everyday users, small business pages, and possibly even influencers or advertisers. Some accounts had years of photos, private messages, or business contacts inside.

For those victims, the damage is real. Hackers who control a Facebook account can steal personal info, scam friends, or even launch more attacks from the stolen account. For businesses, losing a Facebook page can mean lost customers and a broken reputation. Some victims may not even know they’ve been hacked until friends get strange messages or money disappears.

Guardio found that the hackers ran an illegal online store to sell these stolen accounts. Prices depend on how old or popular the account is. Some accounts might be used for scams, while others are taken over to spread more phishing or fake ads.

This kind of attack hurts more than just the people who get hacked. It spreads risk across social networks, making everyone a little less safe. The fact that thousands of accounts were grabbed in one go shows just how fast and wide these attacks can move [Source: The Hacker News].

Analysis: What the AccountDumpling Hack Reveals About Emerging Phishing Threats

This attack highlights a big change in how phishing works. Instead of shady links from unknown websites, hackers now use well-known, trusted cloud platforms. By using Google AppSheet, the attackers got a “free pass” through many security gates. Most people and systems trust Google, so phishing emails using Google services are much harder to spot.

This is not the first time hackers have used trusted platforms. In the past, criminals have abused services like Google Docs, Dropbox, or Microsoft OneDrive to host fake login pages or deliver malware. What’s new here is the scale and speed. By building phishing pages on AppSheet, the hackers could make and change fake sites quickly, staying one step ahead of defenders.

Security teams now face a tough job. Blocking Google services would break real business tools, but letting them through means some attacks will slip past. Email filters, web firewalls, and even browser warnings are less useful when the attack comes from a familiar address.

For Facebook and other social networks, this means old ways of spotting stolen accounts—like looking for strange logins or weird activity—might not be enough. They need to look for patterns, like many users logging in from the same new app or reporting fake security emails. The challenge is similar for banks, workplaces, or schools whose staff and users could get targeted next.

For users, the problem is also getting harder. Most people are taught to watch out for strange links or unknown senders. But they may not suspect something with a Google domain. This gives hackers more room to trick even careful people.

Experts worry this trend will grow. Cybercriminals follow what works, and trusted platforms are easy targets. As cloud services become a bigger part of daily life, both for work and play, they become new weapons for attackers. Threats like AccountDumpling show that every new tool can become a risk if not watched closely.

Looking ahead, we may see more attacks using “phishing relays”—trusted apps or platforms that act as middlemen. Companies and security firms will need new tools to check not just where a link comes from, but what it’s doing. Training people to spot fake emails remains key, but now the fakes are better hidden than ever.

In short, the AccountDumpling campaign is a warning sign. As hackers get more creative, users and companies need to keep raising their guard, even with the platforms they trust most.

Protecting Yourself Against Phishing Attacks Exploiting Cloud Platforms

There are some steps everyone can take to stay safer. First, always check the sender and the link before clicking. Even if an email looks like it’s from Facebook or Google, don’t trust it right away. Hover over links and see if they lead to the real site—not a strange address.

Using multi-factor authentication (MFA) is one of the best ways to protect your accounts. With MFA, even if someone gets your password, they can’t get in without a second code sent to your phone or app. Make sure your Facebook and email accounts have this extra layer turned on.

Keep your passwords strong and don’t reuse them. If you get an email about a password reset but didn’t ask for one, go straight to the real Facebook website to check. Don’t use links in the email. Watch for signs your account was hacked—like logins from new places, or people saying they got weird messages from you.

Platforms like Facebook and Google are working to stop these attacks, but users have to play a part too. Reporting suspicious emails or apps helps keep everyone safer. The fight against phishing takes work from both the big tech companies and everyday people.

Conclusion: The Urgent Need for Vigilance Amid Rising Phishing Campaigns

The AccountDumpling campaign shows how hackers can twist even trusted tools like Google AppSheet into weapons. With 30,000 Facebook accounts stolen and sold, the damage is wide and deep. This isn’t just a problem for Facebook—it’s a warning to anyone using online services.

Users and tech companies need to stay alert. As phishing tricks get smarter, old habits may not be enough. Checking emails, using strong passwords, and turning on extra security can help, but the fight is ongoing.

Looking forward, cybercriminals will keep finding new ways to hide behind trusted brands. The best defense is a mix of smart technology and smart people. If users stay sharp and companies keep improving their tools, we stand a better chance of stopping the next big phishing attack before it starts.

Why It Matters

  • This attack highlights how cybercriminals exploit trusted platforms like Google AppSheet to bypass security and trick users.
  • The breach of 30,000 Facebook accounts puts user privacy, finances, and businesses at risk.
  • It shows the increasing sophistication of phishing campaigns and the need for stronger digital vigilance.

Scale of Facebook Accounts Hacked via AppSheet Phishing

Accounts Hacked
accounts30,000
MLXIO

Written by

MLXIO Insights Team

Algorithmic Research & Human Oversight

Powered by advanced algorithmic research and perfected by human oversight. The Insights Team delivers highly structured, cross-verified analysis on emerging tech trends and digital shifts, filtering out the fluff to give you high-fidelity value.

Related Articles

a man wearing a mask
CybersecurityMay 24, 2026

Scammers Abuse Real Microsoft Address to Push Phishing

Scammers used a real Microsoft alert address to send phishing links for months, turning trusted security emails into a risk.

6 min read

person in black and red mask holding smartphone
CybersecurityJun 30, 2026

$10M Bounty Targets Russian Signal, WhatsApp Hackers

Washington is offering $10M for tips on Russian-linked groups accused of hacking Signal and WhatsApp users.

6 min read

red padlock on black computer keyboard
CybersecurityJun 23, 2026

Vaults Dodge Hit as LastPass Breach Exposes User Data

LastPass says vaults are safe, but Klue's breach exposed CRM and support data that could arm phishing attacks.

5 min read

person using laptop computer holding card
CybersecurityJun 23, 2026

6,843 Fake Domains Turn Amazon Prime Day Into a Trap

Prime Day’s biggest deal may be bait: 6,843 fake domains were ready before shoppers arrived.

7 min read

green frog iphone case beside black samsung android smartphone
CybersecurityJun 29, 2026

Android Zero-Day Under Attack as Google Patches 124 Flaws

Google patched 124 Android flaws, including one under targeted attack. Check your June 2026 patch level now.

7 min read

a tablet computer sitting on top of a table
TechnologyJul 13, 2026

Security Fixes Take Over Apple 26.6 Beta 5 Rollout

Apple’s 26.6 beta 5 wave points to late-cycle bug fixes and security cleanup—not a feature drop.

5 min read

yellow Labrador Retriever standing on ground at daytime
TechnologyJul 14, 2026

€100 Pet GPS Tracker Lets Owners Talk Back in Real Time

Mova’s €99.99 pet GPS tracker adds five-second location refreshes and two-way voice, making lost-pet tech feel like live remote presence.

7 min read

A close up of a cell phone on a table
TechnologyJul 14, 2026

3.5-Inch HMD Fame Leak Bets Tiny Phones Aren’t Dead

HMD Fame could turn the feature phone into a tiny touch device with AUX, microSD and a shortcut key.

5 min read

silver iphone 6 on white sony device
TechnologyJul 14, 2026

Galaxy Z Fold 8 Drops 200MP Camera but Keeps Top Price

Samsung may trade a 200MP Fold camera for a slimmer Fold 8, even as leaked AUD prices keep it firmly premium.

8 min read

apple logo on blue surface
TechnologyJul 14, 2026

Beta 5 Puts iOS 26.6 in iPhone Cleanup Mode Before iOS 27

iOS 26.6 beta 5 looks like Apple’s late-cycle iPhone cleanup, not a feature drop, as iOS 27 and Siri AI prep take center stage.

7 min read

Stay ahead of the curve

Get a weekly digest of the most important tech, AI, and finance news — curated by AI, reviewed by humans.

No spam. Unsubscribe anytime.