VYPR
breachPublished May 5, 2026· Updated May 17, 2026· 1 source

Vimeo Data Breach Exposes 119,000 Users via Third-Party Integration

The ShinyHunters extortion gang has leaked data belonging to 119,200 Vimeo users after compromising the video platform through a third-party integration with data analytics firm Anodot.

The ShinyHunters extortion gang has leaked a 106GB archive of stolen data belonging to Vimeo, impacting approximately 119,200 individuals BleepingComputer. The breach originated not from a direct compromise of Vimeo’s primary infrastructure, but through a third-party integration with Anodot, a data anomaly detection provider. According to the threat actors, they gained access to Vimeo’s Snowflake and BigQuery instances by leveraging compromised Anodot credentials BleepingComputer.

Vimeo confirmed the unauthorized access on April 27, stating that the exposed data primarily consisted of technical information, video titles, metadata, and customer email addresses. The company emphasized that the incident did not result in the exposure of user passwords, financial information, or actual video content. Vimeo reported that its core systems remained operational throughout the incident and that no service disruptions occurred BleepingComputer.

In response to the discovery, Vimeo moved to secure its environment by disabling all Anodot-related credentials and severing the integration between the two platforms. The company has engaged third-party security experts to conduct a forensic investigation and has notified law enforcement agencies regarding the breach BleepingComputer.

The leak followed a failed extortion attempt by ShinyHunters, who published the stolen data on their dark web site after Vimeo refused to meet their demands. While Vimeo has not officially confirmed the total count of affected users, the data breach notification service *Have I Been Pwned* analyzed the leaked archive and determined that the records of 119,200 individuals were compromised, including names and email addresses in many instances BleepingComputer.

ShinyHunters has recently claimed a series of high-profile breaches, asserting that they have targeted dozens of organizations by exploiting Anodot authentication tokens. The group’s broader operational pattern involves compromising corporate Single Sign-On (SSO) accounts—including Microsoft Entra, Okta, and Google—to gain unauthorized access to connected SaaS applications such as Salesforce, Slack, and Zendesk. Their recent activity includes alleged attacks against the European Commission, Rockstar Games, and Medtronic BleepingComputer.

This incident highlights the persistent risks associated with third-party SaaS integrations and the supply chain vulnerabilities inherent in modern cloud environments. As organizations increasingly rely on interconnected platforms for data analytics and anomaly detection, the security of authentication tokens and API integrations remains a critical vector for threat actors. The ability of groups like ShinyHunters to pivot from third-party compromises into sensitive cloud data stores like Snowflake and BigQuery underscores the importance of rigorous access management and continuous monitoring of third-party service permissions BleepingComputer.

Synthesized by Vypr AI