top of page
perceptive_background_267k.jpg

Vimeo data breach exposes personal information of 119,000 people

Published:

5 mei 2026 om 13:03:46

Alert date:

5 mei 2026 om 14:01:41

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Data Breach & Exfiltration, Cloud & Virtualization, Enterprise Applications

The ShinyHunters extortion gang successfully breached Vimeo's online video platform in April, compromising personal information of over 119,000 users. The data breach was reported by Have I Been Pwned notification service. This represents a significant security incident affecting a major online platform with substantial user data exposure. The involvement of ShinyHunters, a known cybercriminal group, indicates this was a targeted attack rather than accidental exposure. The breach highlights ongoing risks to user data on popular online platforms.

Technical details

ShinyHunters extortion gang breached Vimeo through compromised Anodot authentication tokens in April 2026. The attack accessed databases containing technical data, video titles and metadata, and customer email addresses from Snowflake and BigQuery instances. After failed extortion attempts, the gang leaked a 106GB archive of stolen documents on their dark web leak site. The breach exposed email addresses and names of 119,200 people. ShinyHunters also conducts vishing campaigns targeting Microsoft Entra, Okta, and Google SSO accounts to steal data from connected SaaS applications.

Mitigation steps:

Vimeo disabled all Anodot credentials after detecting the breach, removed the Anodot integration with its systems, engaged third-party security experts for investigation, and notified law enforcement. Organizations should monitor for unauthorized access through third-party integrations and implement proper authentication token management.

Affected products:

Vimeo
Anodot
Snowflake
BigQuery
Salesforce
Microsoft Entra
Okta
Google SSO
SAP
Slack
Adobe
Atlassian
Zendesk
Dropbox
Microsoft 365
Google Workspace

Related links:

https://www.bleepingcomputer.com/news/security/video-service-vimeo-confirms-anodot-breach-exposed-user-data/
https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/
https://www.bleepingcomputer.com/news/security/shinyhunters-claim-to-be-behind-sso-account-data-theft-attacks/
https://www.bleepingcomputer.com/news/security/cert-eu-european-commission-hack-exposes-data-of-30-eu-entities/
https://www.bleepingcomputer.com/news/security/stolen-rockstar-games-analytics-data-leaked-by-extortion-gang/
https://www.bleepingcomputer.com/news/security/data-breach-at-edtech-giant-mcgraw-hill-affects-135-million-accounts/
https://www.bleepingcomputer.com/news/security/medtronic-confirms-breach-after-hackers-claim-9-million-records-theft/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page