VIMEO confirmed a data breach stemming from a compromise at Anodot, a third‑party analytics vendor, exposing data for 119,000 users. The incident, which occurred in April 2026, is linked to the ShinyHunters extortion group, who reportedly listed Vimeo on their pay‑or‑leak portal and leaked hundreds of gigabytes of data. Have I Been Pwned is cited as noting that the attackers accessed user data via the Anodot breach, with the exposed information including 119k unique email addresses and, in some cases, names.
Vimeo said the incident did not involve video content, valid login credentials, or payment card information, and that services were not disrupted. In response, Vimeo disabled Anodot access, removed the integration, engaged external security experts, and notified law enforcement. The company added that the investigation is ongoing and updates will be provided as more details emerge.