ShinyHunters claims dump puts 119K Vimeo emails in the wild – The Register

More than 119,000 Vimeo users’s email addresses were extracted in a breach traced to a third-party analytics vendor, according to Have I Been Pwned. The incident first surfaced in April when the ShinyHunters crew added Vimeo to its growing “pay or leak” hit list, claiming it had pulled hundreds of gigabytes of data and threatening to dump the lot unless a deal was struck. That dump has since landed, and breach notification service Have I Been Pwned now puts a number on at least part of the fallout: 119,000 unique email addresses, in some cases paired with names. Vimeo last week confirmed that data was taken, but stopped short of saying how many people were affected. The company pinned the incident on Anodot, a third-party analytics provider used across its systems, and said the attacker gained access via that integration rather than breaking into Vimeo directly. Anodot has not said anything publicly, but its status page shows the incident kicked off on April 4. According to Vimeo, the stolen databases were heavy on technical data, video titles, metadata, and some customer email addresses. The company has been keen to stress what was not included: no actual video content, no valid
Read More