Vimeo Confirms Data Breach – Hackers Accessed Users Database

HomeCyber Security News Vimeo Confirms Data Breach – Hackers Accessed Users Database By Abinaya April 29, 2026 Video hosting platform Vimeo has confirmed a data breach resulting in unauthorized access to its user database. The security incident stems from a compromise at Anodot, a third-party analytics vendor utilized by Vimeo and several other major organizations. This event highlights the escalating threat of supply chain attacks within the software-as-a-service (SaaS) ecosystem. The breach has been linked to the notorious threat actor group known as ShinyHunters. Shinyhunters Breach Claim According to a recent Google Threat Intelligence report, ShinyHunters has been actively conducting widespread SaaS data theft campaigns. The attackers likely leveraged trusted API connections between Anodot and its clients to access Vimeo’s environment. This method represents a classic supply chain compromise, allowing threat actors to bypass a primary target’s perimeter defenses by exploiting a vendor link. Scope of Compromised Data Vimeo’s security team has completed an initial forensic analysis to determine the extent of the data exposure. The unauthorized actor successfully extracted specific datasets from the company’s infrastructure. The compromised databases contained the following information: Internal technical operational data. Video titles and associated metadata. Customer and user email addresses in certain instances. Vimeo has confirmed that the core infrastructure remains intact and highly sensitive user data was not exposed. The threat actors did not access actual video content, valid user login credentials, or any payment card information. Upon detecting the unauthorized access, Vimeo executed an immediate incident response protocol to contain the threat and prevent further data exfiltration. The company implemented the following security measures: Promptly disabled all active Anodot service credentials. Completely severed and removed the Anodot integration from Vimeo’s internal systems. Engaged external digital forensics and incident response experts to assist with the investigation. Notified relevant law enforcement agencies to track the threat actor’s activities. Vimeo has assured its customer base that the security incident did not disrupt its hosting services or internal systems. Because user passwords and financial data remain secure, Vimeo has not forced a mandatory password reset for its platform. Since some user email addresses were exposed, customers should remain vigilant against potential targeted phishing campaigns. Threat actors often use stolen emails in combination with scraped metadata to craft convincing social engineering attacks. Vimeo stated that the investigation is still ongoing and promised to provide further updates as new forensic evidence emerges. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News WhatsApp Testing Own Cloud Backup Provider for Default End-to-End Encryption Hackers Abuse Fake Wallpaper App and YouTube Channel to Spread notnullOSX Malware Checkmarx KICS Official Docker Repo Compromised to Inject Malicious Code Hackers Use Pastebin-Hosted PowerShell Script to Steal Telegram Sessions Multiple OpenClaw Vulnerabilities Enables Policy Bypass and Host Override Latest News Cyber Security News Hugging Face LeRobot Vulnerability Enables Unauthenticated RCE Attacks Chrome Critical Chrome Vulnerabilities Enables Remote Code Execution Attacks Cyber Security News New VECT 2.0 Ransomware Destroys Files Over 128 KB Across Windows, Linux, and ESXi Cyber Security News New BlueNoroff Campaign Uses Fileless PowerShell and AI-Generated Zoom Lures Cyber Security News cPanel Warns of Critical Authentication Flaw – Emergency Patch Released