Last scanned 5 hours ago
No CVEs on record.
Thousands of web applications built on Netlify's AI-powered platform exposed sensitive corporate and personal data publicly on the internet due to improper data handling by developers using the platform. The incident demonstrates a systemic issue where Netlify's tools enabled rapid app creation without adequate built-in safeguards against data exposure.
Netlify was abused as an infrastructure service by attackers in the "AccountDumpling" phishing campaign that compromised approximately 30,000 Facebook accounts worldwide. The incident indicates Netlify's platform was leveraged without authorization to facilitate credential harvesting attacks.
Netlify was identified as one of several platforms abused by AccountDumpling, a Vietnamese-linked phishing operation, to facilitate a campaign that compromised approximately 30,000 Facebook accounts. The incident represents a confirmed case of Netlify's infrastructure being leveraged for malicious phishing purposes, though the breach itself originated from the threat actor's misuse rather than a vulnerability in Netlify's platform.
Netlify's platform was leveraged as an infrastructure component in the AccountDumpling phishing operation that compromised over 30,000 Facebook accounts worldwide. While Netlify itself was not breached, its service was actively used to facilitate the attack, indicating a confirmed security incident involving the vendor's platform.