Vimeo data breach exposes personal information of 119,000 people

Vimeo confirms a breach linked to Anodot that exposed personal data for about 119,000 people—email addresses and, in some cases, names—along with technical data, video titles, and metadata. The company says no video content, valid user credentials, or payment card information were compromised, and there were no service disruptions; Anodot credentials were disabled and the integration removed, with law enforcement notified. After Vimeo's disclosure, the ShinyHunters extortion group leaked a 106GB cache of stolen data on the dark web, claiming access via Anodot tokens and signaling a broader campaign against SaaS platforms.

TechLogHub

May 5, 2026

0 views

Vimeo Data Breach Exposes Personal Information of 119,000 People

Overview

A breach involving Vimeo, exposed by the ShinyHunters extortion group, affected an estimated 119,000 people according to Have I Been Pwned.
Vimeo is a publicly traded video hosting and streaming platform with a global user base, hundreds of millions of registered users, and a sizeable workforce.
The incident followed a breach at Anodot, a data anomaly detection company whose integration with Vimeo was used for monitoring. Vimeo stated that the breach did not disrupt operations and did not expose user credentials or payment information.

What Happened

Timeline leading to disclosure:
In April, Vimeo detected unauthorized access tied to a breach at Anodot.
On April 27, Vimeo publicly acknowledged that customer and user data had been accessed following the Anodot breach.
Vimeo took immediate steps to limit access by disabling Anodot credentials and removing the Anodot integration from its systems. Third-party security experts were engaged for the investigation, and law enforcement was notified.
The company emphasized that the breach did not affect Vimeo video content, login credentials, or payment card information, and asserted that user and customer credentials remained secure.
The incident did not cause outages or disruptions to Vimeo’s services.

What Data Was Accessed

Vimeo indicated that the databases accessed primarily contained technical data, video titles, and metadata. In some instances, customer email addresses were exposed.
Have I Been Pwned analyzed the stolen data and reported that email addresses—and, in some cases, names—belonged to about 119,200 individuals.
The breach did not include the actual video content or sensitive financial information.

The Extortion Angle and Aftermath

After Vimeo’s disclosure, the ShinyHunters released a 106‑gigabyte archive of stolen documents on their dark web data leak site, following the company’s refusal to meet their extortion demands.
The extortion group claimed that data from Snowflake and BigQuery instances had been compromised via Anodot and indicated that Vimeo had not accepted their terms, despite “incredible patience” and offered opportunities.

Actor Profile: ShinyHunters and Associated Activities

ShinyHunters has been linked to a broader pattern of data theft and extortion involving multiple organizations.
The group has been connected to a widespread vishing campaign targeting employees and BPO agents’ Single Sign-On (SSO) accounts, including Microsoft Entra, Okta, and Google SSO.
Following breaches of SSO accounts, attackers purportedly gained access to connected SaaS applications such as Salesforce, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, Microsoft 365, Google Workspace, and others.

Broader Context: Other Breaches Attributed to ShinyHunters

In recent weeks, ShinyHunters claimed breaches or data theft affecting:
The European Commission
Rockstar Games (analytics data)
McGraw Hill (edtech, millions of accounts)
Medtronic (medical devices)
Carnival (cruise line operator)
Zara (fast fashion retailer)
7‑Eleven (convenience store chain)
Udemy (online training)
These incidents illustrate a pattern of high‑value targets and broad access to enterprise systems through compromised credentials or tokens.

Impact and Implications

For Individuals:
The primary exposure appears to be email addresses and, in some cases, names. No indication of exposed passwords, payment data, or direct access to video content is stated.
For Organizations:
The episode highlights the risk posed by third‑party integrations (Anodot) and the potential for attackers to pivot through SSO ecosystems to access multiple connected services.
It underscores the importance of securing third‑party credentials, monitoring integrations, and applying rapid containment steps when a breach is detected.
For the Security Community:
The incident reinforces the need for robust anomaly detection, rapid revocation of compromised credentials, and a coordinated response with law enforcement and incident responders.

Technical and Operational Details

Vendor and Platform Context:
Vimeo operates as a major video hosting and streaming platform with a large, global user base, and revenue data publicly reported for prior fiscal years.
Anodot, the misused data anomaly detection partner, played a critical role in the access chain that enabled the breach.
Containment Measures:
Vimeo promptly disabled Anodot credentials and severed the integration to prevent ongoing unauthorized access.
Affected systems were isolated from the broader environment as part of an incident response, with external security experts engaged to assist in the investigation.
Data Handling and Privacy Stance:
Vimeo asserted that no customer payment data or login credentials were compromised and that core service integrity was preserved.

Related Themes in the Security Landscape

The role of third‑party services as potential threat vectors, particularly when integrated into critical data workflows and authentication ecosystems.
The ongoing risk associated with SSO accounts and token‑based access, which can serve as a gateway to multiple connected SaaS applications when compromised.
The importance of rapid credential revocation and independent verification after a breach to limit attacker dwell time.

Bottom Line

The Vimeo incident, tied to the Anodot breach and subsequently amplified by the ShinyHunters leak, resulted in the exposure of personally identifiable information for tens of thousands of individuals, chiefly email addresses and some names.
While the breach did not reveal video content or financial data, it serves as a stark reminder of the interconnected nature of modern cloud services and the cascading risk that can arise from compromised third‑party integrations and SSO ecosystems.
The episode underscores the ongoing need for vigilant monitoring, swift containment, and transparent communication in incident response to minimize harm to users and organizations alike.

Vimeo Data Breach Exposes Personal Information of 119,000 People

Overview

A breach involving Vimeo, exposed by the ShinyHunters extortion group, affected an estimated 119,000 people according to Have I Been Pwned.
Vimeo is a publicly traded video hosting and streaming platform with a global user base, hundreds of millions of registered users, and a sizeable workforce.
The incident followed a breach at Anodot, a data anomaly detection company whose integration with Vimeo was used for monitoring. Vimeo stated that the breach did not disrupt operations and did not expose user credentials or payment information.

What Happened

Timeline leading to disclosure:
In April, Vimeo detected unauthorized access tied to a breach at Anodot.
On April 27, Vimeo publicly acknowledged that customer and user data had been accessed following the Anodot breach.
Vimeo took immediate steps to limit access by disabling Anodot credentials and removing the Anodot integration from its systems. Third-party security experts were engaged for the investigation, and law enforcement was notified.
The company emphasized that the breach did not affect Vimeo video content, login credentials, or payment card information, and asserted that user and customer credentials remained secure.
The incident did not cause outages or disruptions to Vimeo’s services.

What Data Was Accessed

Vimeo indicated that the databases accessed primarily contained technical data, video titles, and metadata. In some instances, customer email addresses were exposed.
Have I Been Pwned analyzed the stolen data and reported that email addresses—and, in some cases, names—belonged to about 119,200 individuals.
The breach did not include the actual video content or sensitive financial information.

The Extortion Angle and Aftermath

After Vimeo’s disclosure, the ShinyHunters released a 106‑gigabyte archive of stolen documents on their dark web data leak site, following the company’s refusal to meet their extortion demands.
The extortion group claimed that data from Snowflake and BigQuery instances had been compromised via Anodot and indicated that Vimeo had not accepted their terms, despite “incredible patience” and offered opportunities.

Actor Profile: ShinyHunters and Associated Activities

ShinyHunters has been linked to a broader pattern of data theft and extortion involving multiple organizations.
The group has been connected to a widespread vishing campaign targeting employees and BPO agents’ Single Sign-On (SSO) accounts, including Microsoft Entra, Okta, and Google SSO.
Following breaches of SSO accounts, attackers purportedly gained access to connected SaaS applications such as Salesforce, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, Microsoft 365, Google Workspace, and others.

Broader Context: Other Breaches Attributed to ShinyHunters

In recent weeks, ShinyHunters claimed breaches or data theft affecting:
The European Commission
Rockstar Games (analytics data)
McGraw Hill (edtech, millions of accounts)
Medtronic (medical devices)
Carnival (cruise line operator)
Zara (fast fashion retailer)
7‑Eleven (convenience store chain)
Udemy (online training)
These incidents illustrate a pattern of high‑value targets and broad access to enterprise systems through compromised credentials or tokens.

Impact and Implications

For Individuals:
The primary exposure appears to be email addresses and, in some cases, names. No indication of exposed passwords, payment data, or direct access to video content is stated.
For Organizations:
The episode highlights the risk posed by third‑party integrations (Anodot) and the potential for attackers to pivot through SSO ecosystems to access multiple connected services.
It underscores the importance of securing third‑party credentials, monitoring integrations, and applying rapid containment steps when a breach is detected.
For the Security Community:
The incident reinforces the need for robust anomaly detection, rapid revocation of compromised credentials, and a coordinated response with law enforcement and incident responders.

Technical and Operational Details

Vendor and Platform Context:
Vimeo operates as a major video hosting and streaming platform with a large, global user base, and revenue data publicly reported for prior fiscal years.
Anodot, the misused data anomaly detection partner, played a critical role in the access chain that enabled the breach.
Containment Measures:
Vimeo promptly disabled Anodot credentials and severed the integration to prevent ongoing unauthorized access.
Affected systems were isolated from the broader environment as part of an incident response, with external security experts engaged to assist in the investigation.
Data Handling and Privacy Stance:
Vimeo asserted that no customer payment data or login credentials were compromised and that core service integrity was preserved.

Related Themes in the Security Landscape

The role of third‑party services as potential threat vectors, particularly when integrated into critical data workflows and authentication ecosystems.
The ongoing risk associated with SSO accounts and token‑based access, which can serve as a gateway to multiple connected SaaS applications when compromised.
The importance of rapid credential revocation and independent verification after a breach to limit attacker dwell time.

Bottom Line

The Vimeo incident, tied to the Anodot breach and subsequently amplified by the ShinyHunters leak, resulted in the exposure of personally identifiable information for tens of thousands of individuals, chiefly email addresses and some names.
While the breach did not reveal video content or financial data, it serves as a stark reminder of the interconnected nature of modern cloud services and the cascading risk that can arise from compromised third‑party integrations and SSO ecosystems.
The episode underscores the ongoing need for vigilant monitoring, swift containment, and transparent communication in incident response to minimize harm to users and organizations alike.

Vimeo data breach exposes personal information of 119,000 people

More from the Blog

Microsoft Adds Copilot Data Controls to All Storage Locations

Previously harmless Google API keys now expose Gemini AI data

Microsoft says bug in classic Outlook hides the mouse pointer

Stay Updated

Vimeo data breach exposes personal information of 119,000 people

More from the Blog

Microsoft Adds Copilot Data Controls to All Storage Locations

Previously harmless Google API keys now expose Gemini AI data

Microsoft says bug in classic Outlook hides the mouse pointer

Stay Updated