- Third-party breach exposed some Vimeo user and customer data
- The information accessed included metadata and some email addresses, but not video content or payment details.
- Vimeo Disabled Integration, Hired External Investigators, and Was Threatened With Ransom Demands
Popular video platform Vimeo has informed users that some of their data may have been accessed by malicious third parties.
In a security incident announcement posted on the company’s website, Vimeo said the unauthorized access to data was a result of the Anodot breach. Anodot is a cloud-based, AI-powered analytics platform that scans for business incidents and anomalies in real-time, helping businesses identify sudden sales drops, cost increases, or technical issues before they can have a significant impact on the organization and its customers.
In early April 2026, it was reported that ShinyHunters had broken in and accessed Anodot users’ Snowflake accounts through third-party integration features. Apparently, more than a dozen companies have been affected, but the only confirmed victim so far is Rockstar Games, the company behind the famous Grand Theft Auto And Red Dead Redemption game series – but now Vimeo has stated that it is also affected by this attack.
Article continues below
Anodot incident confirmed
“We have identified that as a result of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data,” the announcement said. “Our initial findings suggest that the databases accessed primarily contain technical data, video titles and metadata, and, in some cases, customer email addresses.”
Vimeo did not specify how many people were affected by the attack, but stressed that video content, users’ valid login credentials, as well as payment card information, were not accessible.
“The login credentials of Vimeo users and customers are secure. This incident did not cause any disruption to our systems or services,” he concluded.
Following the discovery, Vimeo disabled all Anodot credentials, removed the integration, and brought in a third-party security company to help with the postmortem. The police were also notified.
The attack was claimed by ransomware actors ShinyHunters, who said they would release the stolen files unless the company paid a ransom by April 30, 2026.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
