Vimeo has confirmed a data breach stemming from a supply chain attack targeting Anodot, a third-party business analytics and anomaly detection provider integrated into its infrastructure.
The incident was publicly claimed by ShinyHunters, the prolific cybercriminal extortion group, which issued a blunt ransom deadline of April 30, 2026, warning: “Pay or Leak.”
ShinyHunters executed the breach by stealing authentication tokens from Anodot’s infrastructure and leveraging them to pivot into downstream customer environments, specifically cloud data warehouses.
In Vimeo’s case, attackers accessed data stored in both Snowflake and Google BigQuery instances, according to the group’s post on its dark web extortion portal.
Vimeo Data Breach Confirmed
Google Threat Intelligence has published a report directly linking the unauthorized actor to ShinyHunters’ broader SaaS data theft campaign, reinforcing the attribution.
Because Anodot integrates with cloud platforms used by dozens of enterprises, this attack carries significant supply chain implications across multiple sectors.
ShinyHunters’ leak site currently lists three confirmed victims compromised via Anodot: Vimeo, Rockstar Games, and fashion retailer Zara.
Vimeo’s initial investigation confirmed the compromised databases primarily contained:
- Technical data and system-level information
- Video titles and associated metadata
- Customer email addresses in select cases
Vimeo explicitly confirmed that no video content, valid login credentials, or payment card data were exposed. With a reported user base of 287 million, the precise number of affected individuals remains undisclosed.
The group posted a direct warning to Vimeo: “Your Snowflake and BigQuery instances’ data was compromised thanks to Anodot.com. Pay or Leak. This is a final warning to reach out by 30 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way.”
This threat follows ShinyHunters’ recent claim of stealing 11GB of data from home security firm ADT, allegedly impacting approximately 5.5 million users, signaling an escalation in the group’s extortion tempo.
Upon confirming the incident, Vimeo took immediate action:
- Disabled all Anodot credentials tied to Vimeo systems
- Fully removed the Anodot integration from its infrastructure
- Engaged third-party cybersecurity experts for forensic investigation
- Notified law enforcement authorities
Mitigations
While passwords were not exposed, users should take precautions:
- Enable two-factor authentication (2FA) on Vimeo and all linked accounts
- Monitor for phishing emails impersonating Vimeo, as harvested addresses may be weaponized
- Treat unsolicited emails referencing Vimeo accounts, video links, or billing with suspicion
This breach reinforces how a single compromised third-party analytics vendor can cascade across multiple enterprise environments, exposing a systemic and growing risk within today’s deeply interconnected SaaS ecosystem.
No Comment! Be the first one.