A newly discovered Vietnamese-linked operation codenamed AccountDumpling is using Google AppSheet as a phishing relay to send deceptive Meta Support emails that harvest Facebook credentials for resale. The campaigns employ multiple lures and hosting platforms (Netlify, Vercel, Google Drive, Canva) to collect passwords, 2FA codes, ID photos and other data which are exfiltrated to Telegram channels, impacting roughly 30,000 Facebook accounts worldwide. #AccountDumpling #GoogleAppSheet
Keypoints
- The campaign, dubbed AccountDumpling, uses Google AppSheet emails to bypass spam filters and phish Facebook Business owners.
- Approximately 30,000 Facebook accounts have been stolen and are being sold via an illicit storefront run by the operators.
- Attackers deploy varied lures—account appeals, blue badge checks, verification PDFs, and fake job offers—hosted on Netlify, Vercel, and Google Drive.
- Stolen credentials, 2FA codes, ID photos and other data are exfiltrated to attacker-controlled Telegram channels.
- Canva-generated PDF metadata and a linked domain indicate a Vietnamese individual and a larger commercial fraud operation behind the scheme.
Read More: https://thehackernews.com/2026/05/30000-facebook-accounts-hacked-via.html