'An unauthorized actor accessed certain Vimeo user and customer data': Vimeo confirms security incident, blames attack on Anodot breach


  • A third‑party breach exposed certain Vimeo user and customer data
  • The accessed information included metadata and some email addresses, but not video content or payment details
  • Vimeo disabled the integration, engaged external investigators, and was threatened with ransom demands

Popular video platform Vimeo has notified users that some of their data may have been accessed by malicious third parties.

In a security incident announcement published on the company’s website, Vimeo said the unauthorized data access came as a result of the Anodot breach. Anodot is an AI-powered, cloud-based analytics platform that hunts for business incidents and anomalies in real time, helping businesses identify sudden drops in sales, cost spikes, or technical glitches before they can significantly impact the organization and its customers.

In early April 2026, it was reported that ShinyHunters broke in and, through the third-party integration features, accessed Anodot’s users’ Snowflake accounts. Apparently, more than a dozen companies were hit, but the only confirmed victim until now was Rockstar Games, the company behind the famed Grand Theft Auto and Red Dead Redemption game series. Now, Vimeo has stated it was also affected by this attack.


Confirmed Anodot incident

“We have identified that, as a result of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data,” the announcement reads. “Our initial findings suggest that the databases accessed primarily contain technical data, video titles and metadata, and, in some cases, customer email addresses.”

Vimeo did not say how many people were affected by the attack, but stressed that video content, valid user login credentials, as well as payment card information, were not accessed.

“Vimeo user and customer login credentials are secure. This incident did not cause any disruption to our systems or service,” it concluded.

Following the discovery, Vimeo disabled all Anodot credentials, removed the integration, and brought in a third-party security company to assist with the postmortem. The police have also been notified.

The attack was claimed by ransomware actors ShinyHunters, who said they would publish the stolen files unless the company pays a ransom by April 30, 2026.

Via BleepingComputer




Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
