Vimeo breach exposed data of more than 119,000 users following Anodot compromise

Vimeo, the Nasdaq-listed video hosting and streaming platform, confirmed a data breach that exposed personal information belonging to more than 119,000 users after attackers gained unauthorized access through third-party analytics provider Anodot.

The breach was linked to the ShinyHunters extortion group, which later published a 106GB archive of stolen data after ransom negotiations failed. The exposed information included email addresses and, in some cases, user names tied to approximately 119,200 individuals identified through analysis by data breach notification service Have I Been Pwned.

Vimeo disclosed on April 27 that unauthorized actors accessed customer and user data through the Anodot incident. The company said the compromised databases primarily contained technical information, video titles, metadata, and certain customer email addresses.

The company stated that no Vimeo video content, valid user login credentials, or payment card information were exposed during the breach. Vimeo also said the incident did not disrupt its systems or services.

In response to the intrusion, Vimeo disabled all Anodot credentials, removed the analytics vendor’s integration with its systems, engaged external cybersecurity specialists, and notified law enforcement authorities. The company said the investigation remains ongoing.

ShinyHunters claimed the compromise occurred through access to Snowflake and BigQuery environments connected to Anodot authentication tokens. The group alleged that Vimeo declined to reach an agreement after multiple extortion attempts, prompting the release of the stolen data archive on its dark web leak site.

The cybercrime group has increasingly focused on social engineering and vishing operations targeting single sign-on environments linked to Microsoft Entra, Okta, Google, Salesforce, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, Microsoft 365, and Google Workspace platforms.