Home Technology, networking, cybersecurity, AI 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
Technology, networking, cybersecurity, AI

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

Alex Harrison May 3, 2026 2 min read
30,000 Facebook Accounts - 30,000 Facebook Accounts Hacked Via Google Appsheet Phishing Campaign

Cybercriminals have compromised 30,000 Facebook accounts through a phishing campaign that targeted users of Google AppSheet, a no-code app development platform. The attacks, detected in recent weeks, tricked users into entering login credentials on fake sites mimicking AppSheet’s interface.

Attack Details

The phishing operation involved emails and messages posing as notifications from Google AppSheet. Victims clicked links leading to counterfeit login pages designed to capture Facebook usernames and passwords. Once obtained, attackers accessed the accounts to post spam, steal personal data, or further spread malware.

Security researchers confirmed the scale of the breach after analyzing stolen credential dumps shared on underground forums. The campaign exploited AppSheet’s popularity among small businesses and developers building custom apps without coding skills.

Victim Impact

Affected users reported unauthorized posts, friend requests from hijacked profiles, and drained ad account balances. Many discovered the breach only after seeing suspicious activity. Facebook has locked thousands of accounts and forced password resets for those involved.

The incident highlights risks in third-party app ecosystems. For more on online scams, see our coverage of SEO scammers who use similar tactics to exploit trust.

Google and Facebook Response

Google issued a statement on its security blog warning AppSheet users to verify email senders and enable two-factor authentication. “We actively monitor for abuse and work with partners to mitigate threats,” the company said.

Facebook advised users to check active sessions in account settings and revoke access from suspicious apps. A spokesperson noted, “We detected unusual login activity and responded by securing accounts.”

Broader Context

Phishing remains a top threat, with social media platforms frequent targets due to their vast user bases. This breach follows similar incidents involving OAuth misconfigurations in other Google services. Experts recommend vigilance against urgent requests for credentials.

Businesses using no-code tools face growing risks as adoption rises. Related discussions on user trust in digital platforms appear in our article on user engagement metrics.

Prevention Steps

  • Enable multi-factor authentication on all accounts.
  • Hover over links to check destinations before clicking.
  • Use password managers to spot credential reuse.
  • Monitor account activity regularly.

Authorities urge victims to report incidents to local cybercrime units. Ongoing investigations aim to identify the attackers, believed to operate from multiple regions. Facebook and Google continue to share threat intelligence to prevent recurrence.

Users should stay alert as phishing evolves. For insights into streamlining secure operations, check reconciliation software tools that aid in fraud detection.

Frequently Asked Questions

How can I protect my Facebook account from Google AppSheet phishing attacks?

Enable two-factor authentication on your Facebook account and avoid clicking links in unsolicited emails claiming to be from Google AppSheet. Verify any suspicious messages by logging into Facebook directly through the official app or website. Regularly scan your device for malware using reputable antivirus software to detect phishing remnants from the 30,000 Facebook accounts hacked via Google AppSheet phishing campaign.

What is the Google AppSheet phishing campaign targeting Facebook accounts?

The Google AppSheet phishing campaign is a sophisticated scam using fake Google AppSheet notifications to trick users into entering Facebook credentials on fraudulent login pages. It exploited vulnerabilities in user trust of Google services, leading to over 30,000 Facebook accounts hacked. Attackers then used stolen data for unauthorized access and further scams.

Why were 30,000 Facebook accounts hacked using Google AppSheet phishing?

Users fell for phishing emails mimicking legitimate Google AppSheet alerts, prompting them to log in via fake sites that captured credentials. The campaign succeeded due to AppSheet's association with Google, lowering suspicion among Facebook users. This highlights common errors like not verifying sender domains before clicking links.

What are the best practices to recover from Google AppSheet Facebook phishing hack?

Immediately change your Facebook password and enable login alerts after confirming the hack from the 30,000 accounts incident. Review connected apps in Facebook settings and revoke access to suspicious ones like fake AppSheet integrations. No direct costs involved, but act within hours to minimize damage using Facebook's built-in security tools.

How does Google AppSheet phishing compare to other Facebook hacking methods?

Unlike traditional password stuffing, Google AppSheet phishing uses branded lures mimicking official Google tools, making it more deceptive than generic scams targeting Facebook accounts. It outperforms SMS-based phishing in scale, hacking 30,000 accounts faster via email. For advanced users, it's similar to OAuth exploits but leverages no-code app trust uniquely.
Avatar Of Alex Harrison

Alex Harrison

NetworkUstad Contributor

📬

Enjoyed this article?

Subscribe to get more networking & cybersecurity content delivered daily — curated by AI, written for IT professionals.

🔒 No spam. Unsubscribe anytime.

✓ Free ✓ Daily updates
Subscribe
Subscribe