‘An unauthorized actor accessed certain Vimeo user and customer data’: Vimeo confirms security incident, blames attack on Anodot breach
- A third‑party breach exposed certain Vimeo user and customer data
- The accessed information included metadata and some email addresses, but not video content or payment details
- Vimeo disabled the integration, engaged external investigators, and was threatened with ransom demands
Popular video platform Vimeo has notified users some of their data may have been accessed by malicious third parties.
In a security incident announcement published on the company’s website, Vimeo said the unauthorized data access came as a result of the Anodot breach. Anodot is an AI-powered, cloud-based analytics platform that hunts for business incidents and anomalies in real-time, helping businesses identify sudden drops in sales, cost spikes, or technical glitches before they can significantly impact the organization and its customers.
In early April 2026, it was reported ShinyHunters broke in, and through the third-party integration features, accessed Anodot’s users’ Snowflake accounts. Apparently, more than a dozen companies were hit, but the only confirmed victim so far is Rockstar Games, the company behind the famed Grand Theft Auto and Red Dead Redemption game series – but now, Vimeo has stated it was also affected by this attack.
Article continues below
Confirmed Anodot incident
“We have identified that, as a result of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data,” the announcement reads. “Our initial findings suggest that the databases accessed primarily contain technical data, video titles and metadata, and, in some cases, customer email addresses.”
Vimeo did not say how many people were affected by the attack, but stressed that video content, valid user login credentials, as well as payment card information, were not accessed.
“Vimeo user and customer login credentials are secure. This incident did not cause any disruption to our systems or service,” it concluded.
Following the discovery, Vimeo disabled all Anodot credentials, removed the integration, and brought in a third-party security company to assist with the postmortem. The police have also been notified.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The attack was claimed by ransomware actors ShinyHunters, who said they would publish the stolen files unless the company pays a ransom by April 30 2026.
Via BleepingComputer

The best antivirus for all budgets

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
Source
A third‑party breach exposed certain Vimeo user and customer data The accessed information included metadata and some email addresses, but not video content or payment details Vimeo disabled the integration, engaged external investigators, and was threatened with ransom demands Popular video platform Vimeo has notified users some of their data…
Recent Posts
- Dave Eggers told OpenAI staff that ChatGPT was ‘silencing an entire generation’
- France doubles down on restricting access to Polymarket
- Apple has banned home service content on upcoming Maps ads
- Google might not kneecap the Pixel 11a with an old processor
- How to watch France vs England: Free Streams, TV Channels & Kick-Off time for FIFA World Cup 2026 third place play-off
Archives
- July 2026
- June 2026
- May 2026
- April 2026
- March 2026
- February 2026
- January 2026
- December 2025
- November 2025
- October 2025
- September 2025
- August 2025
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023