247/69 Thursday, May 7, 2026
Vimeo has confirmed a data breach incident affecting approximately 119,000 users during April 2026. The company stated that the breach did not originate from a direct compromise of Vimeo’s own systems, but was instead linked to a vulnerability involving Anodot, a third-party analytics service provider. Through this connection, the ShinyHunters hacking group allegedly gained access to data stored in Snowflake and BigQuery instances. After ransom negotiations reportedly failed, the attackers released more than 106GB of stolen data on the dark web.
The exposed data reportedly includes 119,000 unique email addresses, with some records also containing usernames, technical information, video titles, and metadata. However, Vimeo emphasized that video content, account passwords, and payment information were not accessed or compromised. In response to the incident, Vimeo immediately revoked access permissions and disconnected integrations related to Anodot, engaged external cybersecurity experts to assist with the investigation, and notified relevant law enforcement authorities.
ShinyHunters is known as a cybercriminal group that frequently targets large organizations using social engineering techniques, including voice phishing (vishing), to steal SaaS login credentials and gain access to cloud environments. The incident highlights the growing risks associated with supply chain attacks and serves as a reminder for organizations to continuously assess and strengthen the cybersecurity posture of third-party vendors and service providers.