Vimeo Data Breach 2026: ShinyHunters Exploit Anodot Integration to Expose 119,000 User …

Executive Summary In April 2026, Vimeo disclosed a data breach affecting approximately 119,000 users, resulting from a compromise at its third-party analytics provider, Anodot. The breach was attributed to the ShinyHunters extortion group, who accessed Vimeo’s Snowflake and BigQuery cloud environments using stolen authentication tokens. The attackers exfiltrated email addresses, video titles, and technical metadata, but did not access uploaded video content, account credentials, or payment card information. Vimeo’s platform operations were not disrupted. The company has disabled all Anodot credentials, removed the service’s integration, and is working with third-party security experts and law enforcement to investigate the incident. The breach highlights the risks associated with third-party integrations in the SaaS and video hosting sector and underscores the importance of supply chain security and rapid deactivation of compromised credentials. All information in this summary is based on verified disclosures from Vimeo and independent security reporting as of April 29, 2026 (BleepingComputer, Penta Security, SecurityWeek). Technical Information The Vimeo data breach in April 2026 was the result of a supply chain compromise involving Anodot, a third-party analytics provider. Attackers, identified as the ShinyHunters group, exploited the trust relationship between Vimeo and Anodot to gain unauthorized access to Vimeo’s cloud data environments, specifically Snowflake and BigQuery. The attack leveraged stolen authentication tokens, which
Read More