- A third‑party breach exposed certain Vimeo user and customer data
- The accessed information included metadata and some email addresses, but not video content or payment details
- Vimeo disabled the integration, engaged external investigators, and was threatened with ransom demands
Popular video platform Vimeo has notified users some of their data may have been accessed by malicious third parties.
In a security incident announcement published on the company’s website, Vimeo said the unauthorized data access came as a result of the Anodot breach. Anodot is an AI-powered, cloud-based analytics platform that hunts for business incidents and anomalies in real-time, helping businesses identify sudden drops in sales, cost spikes, or technical glitches before they can significantly impact the organization and its customers.
In early April 2026, it was reported ShinyHunters broke in, and through the third-party integration features, accessed Anodot’s users’ Snowflake accounts. Apparently, more than a dozen companies were hit, but the only confirmed victim so far is Rockstar Games, the company behind the famed Grand Theft Auto and Red Dead Redemption game series – but now, Vimeo has stated it was also affected by this attack.
Article continues below
Confirmed Anodot incident
“We have identified that, as a result of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data,” the announcement reads. “Our initial findings suggest that the databases accessed primarily contain technical data, video titles and metadata, and, in some cases, customer email addresses.”
Vimeo did not say how many people were affected by the attack, but stressed that video content, valid user login credentials, as well as payment card information, were not accessed.
“Vimeo user and customer login credentials are secure. This incident did not cause any disruption to our systems or service,” it concluded.
Following the discovery, Vimeo disabled all Anodot credentials, removed the integration, and brought in a third-party security company to assist with the postmortem. The police have also been notified.
The attack was claimed by ransomware actors ShinyHunters, who said they would publish the stolen files unless the company pays a ransom by April 30 2026.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/SEXM8ah9EKKpBKB22d7Ak3-1600-80.jpg
Source link
