VIMEO has confirmed a data breach affecting user and customer data after an attack involving a third-party vendor, with ShinyHunters claiming credit for the intrusion. According to Vimeo, hackers accessed databases containing technical data, video titles and metadata, and the email addresses of some customers, while Vimeo video content, valid user login credentials, and payment card information were not compromised.
The attackers targeted the Anodot analytics platform, and following the incident Anodot credentials have been disabled and integration with Vimeo systems has been removed; the investigation is ongoing and law enforcement has been notified. ShinyHunters says it obtained data from Vimeo’s Snowflake and BigQuery instances and is threatening to leak stolen files unless a ransom is paid, with a deadline of 30 April 2026 to respond. The breach was announced on 28 April 2026 by Education Kovacs for SecurityWeek.