Last updated 1 month ago
Facebook, a technology company, was targeted in a phishing campaign that compromised approximately 30,000 user accounts. The operation, codenamed AccountDumpling by Guardio, was publicly disclosed on May 3, 2026. The exact discovery date is not specified in the article.
The attack chain involved the use of Google AppSheet as a 'phishing relay' to distribute phishing emails. The threat actors, linked to a Vietnamese-linked operation, used this method to harvest Facebook account credentials. The stolen accounts were then sold through an illicit storefront operated by the threat actors. No specific CVEs or MITRE ATT&CK techniques were mentioned.
Post-incident, the article does not provide details on regulatory actions, litigation, ransom payments, or breach notification status. The focus remains on the attack methodology and the scale of account compromise.
Phishing campaign using Google AppSheet as a relay to distribute phishing emails targeting Facebook accounts.
Facebook's reliance on user vigilance against phishing was insufficient, as the use of a legitimate service like Google AppSheet as a relay bypassed typical email security filters. The scale of 30,000 compromised accounts indicates that multi-factor authentication (MFA) was not universally enforced or was bypassed. Organizations should implement phishing-resistant MFA and monitor for abuse of trusted third-party services in email campaigns.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector
Threat Actor
Continent
Country
Industry
Attack Vector
Threat Actor