119,000 — that is the number at the center of a fresh claim: the threat actor group ShinyHunters says a data dump has put 119K Vimeo email addresses in the wild, according to a story published by The Register on 2026/05/05.
ShinyHunters' claim
The headline published by The Register reports that ShinyHunters "claims dump puts 119K Vimeo emails in the wild." The assertion is presented as a claim by the group; the published item identifies ShinyHunters as the actor making the allegation and names Vimeo as the service tied to the email addresses. Beyond the headline-level claim, the accessible source material supplied here does not include direct quotations, supporting logs, or secondary confirmations.
The 119,000 email figure
The specific figure—119K—is central to the report. As published, that number refers to email addresses tied to Vimeo that ShinyHunters says are now publicly exposed. The Register headline frames the disclosure as a dump and quantifies it precisely; it does not, in the text available here, describe file formats, accompanying data fields, or whether other types of user data were included in the claimed leak.
Vimeo, the named platform
Vimeo is the platform identified in the claim. The Register headline places the company’s user-address dataset at the center of the allegation, but the item supplied for this briefing does not include any statement from Vimeo, a confirmation of intrusion, nor any detail on the company’s visibility into or response to the alleged release. The available record is therefore limited to the claim attributed to ShinyHunters and the numerical scope of 119,000 email addresses.
What this means for Vimeo users, security teams, and threat actors
- Vimeo users: The claim specifically names email addresses associated with the platform. Recipients of unsolicited messages or suspicious account activity who also see their email addressed listed in public dumps commonly take steps such as changing passwords and watching for suspicious messages. The headline’s identification of an email-focused release signals that email recipients may wish to exercise caution.
- Security teams at Vimeo: The company is the named subject of the claim. An organization in Vimeo’s position would typically assess the authenticity of any claimed data set, investigate the potential source and access vector, and determine whether user accounts or backend systems were affected. The published material does not report whether such steps have been taken or any outcomes from them.
- Threat actors and opportunistic fraudsters: The headline frames the incident as an email-oriented dump. In scenarios where email lists are exposed, malicious actors commonly re-use addresses for phishing, spam, or credential-stuffing campaigns. The article as reported here does not describe subsequent misuse, only the original claim of exposure.
The public record provided here is tightly constrained: a headline attributing to ShinyHunters the claim that 119,000 Vimeo email addresses were dumped. That specificity — actor name, platform, and numeric scope — is notable in itself and is the clearest factual stake in the material. What remains open, on the evidence supplied: whether the dataset is authentic, whether additional user data beyond email addresses was involved, and whether Vimeo has confirmed or refuted the claim.
For readers seeking the original reporting, the story can be found at The Register: https://www.theregister.com/security/2026/05/05/shinyhunters-claims-119k-vimeo-emails-in-the-wild/5227389
