- Third-party breach exposed certain Vimeo user and customer data
- The information accessed included metadata and some email addresses, but no video content or payment details.
- Vimeo disabled the integration, hired outside researchers, and was threatened with ransom demands.
Popular video platform Vimeo has notified users that malicious third parties may have accessed some of their data.
In a security incident announcement posted on the company’s website, Vimeo said the unauthorized access to data occurred as a result of the Anodot breach. Anodot is an AI-powered cloud-based analytics platform that searches for business incidents and anomalies in real-time, helping businesses identify sudden drops in sales, cost increases, or technical failures before they can significantly impact the organization and its customers.
In early April 2026, it was reported that ShinyHunters broke in and, through third-party integration features, accessed the Snowflake accounts of Anodot users. Apparently, more than a dozen companies were affected, but the only confirmed victim so far is Rockstar Games, the company behind the famous grand theft car and Red Dead Redemption game series, but now, Vimeo has stated that it was also affected by this attack.
Article continues below.
Confirmed Anodot Incident
“We have identified that, as a result of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data,” the announcement reads. “Our initial findings suggest that the databases being accessed primarily contain technical data, video titles and metadata, and in some cases, customer email addresses.”
Vimeo did not say how many people were affected by the attack, but emphasized that no video content, valid user login credentials, or payment card information were accessed.
“The login credentials of Vimeo users and customers are secure. This incident did not cause any disruption to our systems or services,” he concluded.
Following the discovery, Vimeo disabled all Anodot credentials, removed the integration, and hired a third-party security company to assist with the autopsy. The police have also been notified.
The attack was claimed by ransomware actors ShinyHunters, who said they would publish the stolen files unless the company paid a ransom by April 30, 2026.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
