Industry - Data Breach

moderateAnti-PrivacyApr 28, 2026 → Apr 28, 2026Data Breach

Executive Summary

Vimeo confirmed that customer data was accessed without authorization after attackers breached third-party service Anodot and stole authentication tokens to access Vimeo's Snowflake and BigQuery databases. The exposed data includes some customer email addresses, technical data, video titles, and metadata, but does not include uploaded video content, account credentials, or payment card information. The extortion group ShinyHunters claimed the breach and threatened to publish the stolen data u...

Post LinkedIn Reddit Email

data-collection data-breach

What Happened

On April 28, 2026, Vimeo confirmed that unauthorized actors accessed customer data after breaching third-party data analytics service Anodot. Attackers stole authentication tokens from Anodot and used them to access Vimeo's Snowflake and BigQuery database instances. The extortion group ShinyHunters claimed responsibility and threatened to publish the stolen data by April 30 unless Vimeo paid a ransom.

Who Is Affected

Some of Vimeo's customers and users are affected, though the total number remains unclear. The exposed data includes customer email addresses in some cases, along with technical data, video titles, and metadata. Vimeo has confirmed that uploaded video content, account credentials, and payment card information were not accessed.

Why It Matters

This incident demonstrates the cascading security risks when third-party service providers are compromised, allowing attackers to pivot to multiple downstream organizations. ShinyHunters exploited a single breach at Anodot to access data from numerous companies including Vimeo and Rockstar Games, highlighting how service integrations can create widespread vulnerability across seemingly unrelated platforms. The use of stolen authentication tokens shows how supply chain attacks can bypass direct security measures.

What You Should Do

If you are a Vimeo user or customer, monitor your email for official communications from Vimeo about whether your data was specifically affected. Be vigilant for phishing attempts or spam using your email address, as exposed addresses may be used for targeted attacks. Consider reviewing what metadata and titles are associated with your videos, as this information may have been exposed even though the video content itself was not accessed.

Summary generated from verified sources and reviewed before publication. How we summarize.

Sources

Related Events