Vimeo has confirmed that some customer and user data was accessed without authorization after the recent cyberattack involving Anodot.
According to Vimeo, the exposed information mainly includes technical data, video titles, and metadata. In some cases, customer email addresses were also accessed. The company said its early investigation shows the breach did not involve uploaded video content, account passwords, or payment card details.
The attack has been linked to the well-known extortion group ShinyHunters, which claimed responsibility and threatened to leak the stolen data by April 30 unless a ransom was paid.
Vimeo is one of the largest alternatives to YouTube, with more than 300 million registered users worldwide. The company says its platform operations were not disrupted during the incident.
Earlier this week, ShinyHunters listed Vimeo on its extortion site, claiming to have stolen data from the company’s Snowflake and BigQuery environments. The group also warned Vimeo to expect “several annoying digital problems.”
The wider Anodot breach reportedly involved attackers stealing authentication tokens and using them to access customer cloud environments, mainly Snowflake, where data was then copied from multiple affected organizations.
Other reported victims include Rockstar Games, with ShinyHunters claiming to have taken over 78.6 million records.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Vimeo said it has now disabled all Anodot credentials and removed the service’s access to internal systems. The company is working with outside cybersecurity experts and has informed law enforcement while the investigation continues.
