In a significant supply chain security incident, the popular video hosting platform Vimeo has confirmed a data breach that exposed user information. Discovered in April 2026, the breach exposed 119,000 unique email addresses and other metadata. The incident highlights the growing risks associated with third-party service providers, as the compromise did not occur directly on Vimeo’s infrastructure but rather through an analytics vendor.

The notorious extortion group known as ShinyHunters claimed responsibility for the attack. They added Vimeo to their public extortion portal as part of an aggressive “pay or leak” campaign. Following the initial threat, the threat actors published hundreds of gigabytes of stolen data online. Google Threat Intelligence has also released a report detailing the expansion of ShinyHunters’ software-as-a-service data theft operations, directly associating the threat group with this specific vendor compromise.

While the sheer volume of leaked data is massive, the contents primarily consist of technical records rather than highly sensitive financial information. The exposed databases contained video titles, system metadata, and technical logs. However, the most concerning aspect for users is the exposure of 119,000 unique email addresses, which were sometimes accompanied by user names. Data breach notification service Have I Been Pwned