Vietnamese-Linked Group Hijacks Tens of Thousands of Facebook Accounts via Google AppSheet
AI-generated from multiple sources. Verify before acting on this reporting.
SEOUL (AP) — A criminal group linked to Vietnam has been identified behind a sophisticated phishing campaign that compromised tens of thousands of Facebook accounts, primarily targeting business and advertiser profiles. The operation, uncovered on May 4, 2026, exploited Google's AppSheet platform to facilitate the mass hijacking.
The scheme utilized a long-running phishing infrastructure designed to trick victims into surrendering login credentials. Once access was gained, the group monetized the stolen accounts through fraudulent advertising campaigns, online scams, and by selling access to other malicious actors. The attack vector specifically leveraged Google AppSheet, a low-code platform intended for building business applications, which was misused to automate parts of the credential harvesting and account takeover process.
Security researchers detailed the scope of the breach, noting that the compromised accounts were disproportionately business pages and advertiser profiles. These accounts are particularly valuable due to their established trust levels and ability to reach large audiences, making them prime targets for financial fraud and disinformation campaigns. The group's operations appear to be centered in Vietnam, though the specific individuals or organizations directing the campaign remain unconfirmed.
The abuse of Google AppSheet highlights a growing trend of cybercriminals repurposing legitimate enterprise tools for illicit activities. By embedding malicious code or using the platform to manage phishing lists, the group was able to scale their operations significantly. The incident underscores the challenges social media platforms face in securing high-value accounts against increasingly technical threats.
Facebook has not yet commented on the specific number of accounts affected or the timeline of the breach. The platform's security teams are reportedly working to identify and secure compromised profiles, though the full extent of the damage remains unclear. Google has also not issued a statement regarding the misuse of its AppSheet service in this context.
The discovery of the operation raises questions about the broader network behind the attacks. Investigators are examining whether the group has connections to other known cybercrime syndicates or if this is an isolated campaign. The monetization methods employed suggest a well-organized structure capable of sustaining long-term illicit revenue streams.
As the investigation continues, the focus remains on preventing further account takeovers and mitigating the financial impact on affected businesses. The incident serves as a stark reminder of the evolving tactics used by cybercriminals to exploit digital platforms for profit. Authorities in Vietnam and international partners are expected to coordinate efforts to trace the perpetrators and dismantle the infrastructure supporting the operation.
The full scope of the data exfiltration and the potential for further abuse of the compromised accounts remains unknown. Researchers warn that similar tactics could be adopted by other groups, necessitating heightened vigilance from both platforms and users. The situation is developing as more details emerge about the group's capabilities and reach.