Emerging ThreatsData Breaches

Vimeo Breach Exposes 119,000 in Data Heist by ShinyHunters Gang

Analyst 207||Source: BleepingComputer
Server room with laptop screen blurred, hinting at a security breach.
119,200 people had their email addresses and, in some cases, names exposed in stolen files after the ShinyHunters extortion gang hacked the Vimeo platform, data breach notification service Have I Been Pwned reported.

How the intrusion reached Vimeo via Anodot

Vimeo disclosed on April 27 that customer and user data had been accessed without authorization following a recent breach at Anodot, a data anomaly detection company. According to reporting, the ShinyHunters group said it used Anodot authentication tokens to pull data from multiple victims; the extortion gang previously told BleepingComputer it had stolen data from dozens of companies using those tokens. Vimeo said it disabled all Anodot credentials and removed the Anodot integration after detecting the breach.

What Vimeo says was taken — and what wasn't

Vimeo's initial findings, as released by the company, indicate the databases accessed primarily contain technical data, video titles and metadata, and, in some cases, customer email addresses. The company stated the data accessed does not include Vimeo video content, valid user login credentials, or payment card information, and that user and customer login credentials are secure. Vimeo added the incident did not cause any disruption to its systems or service, that it engaged third-party security experts to assist with the investigation, and that it notified law enforcement.

ShinyHunters' leak and extortion claims

After Vimeo disclosed the incident, ShinyHunters published a 106GB archive of stolen documents on its dark web data leak site, saying the group leaked the material after failing to extort the company. The extortion message published by the gang included: "Your Snowflake and Bigquery instances data was compromised thanks to Anodot.com" and "The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made." Have I Been Pwned analyzed the leaked material and reported the breach exposed the email addresses and, in some cases, names of 119,200 people. Vimeo has not disclosed the total number of individuals affected.

ShinyHunters' methods and broader targeting

The group has described multiple operational techniques in recent weeks. ShinyHunters told BleepingComputer it attempted to steal data from Salesforce instances but was blocked by AI-based detection. The gang has also been linked to a widespread vishing campaign that targets employees' and business process outsourcing (BPO) agents' Microsoft Entra, Okta, and Google SSO accounts. After breaching corporate SSO accounts, ShinyHunters said it steals data from connected SaaS applications, naming victims that include Salesforce, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, Microsoft 365, and Google Workspace.

Vimeo's scale and what was at stake

Vimeo is a video hosting and streaming platform publicly traded on the Nasdaq, with over 300 million registered users and more than 1,100 employees. The company reported revenues of $417 million for fiscal year 2024. Those figures underscore why a third-party integration compromise drew immediate attention: even if Vimeo's statement that login credentials and payment information were not exposed is accurate, the leaked technical data, video titles, metadata, and contact details still represent sensitive operational and privacy information for a large user base.

What this means for technologists, enterprises, and end users

  • Technologists and security teams: The incident highlights the risk posed by third-party integrations and the need to manage and promptly revoke credentials when a partner is breached — Vimeo disabled Anodot credentials and removed the integration after detection. Teams will also note that AI-based detection previously blocked an attempted Salesforce compromise, per ShinyHunters' account.
  • Enterprises and procurement leaders: Organizations that use Anodot, Snowflake, BigQuery, or extensive SaaS stacks should examine how authentication tokens and integrations are issued and monitored, given ShinyHunters' claims about harvesting data via Anodot tokens and cloud data instances.
  • End users: While Vimeo says user login credentials and payment card information were not exposed, Have I Been Pwned's count of 119,200 email addresses and names means some customers can expect an elevated risk of targeted phishing and should remain cautious about unsolicited messages.

The episode illustrates a familiar pattern: a compromise at a monitoring or analytics provider can cascade to customer platforms, and an extortion demand can become a public leak when negotiations fail. ShinyHunters' 106GB dump and Have I Been Pwned's analysis make this incident tangible; Vimeo's immediate revocation of Anodot access and engagement of outside experts show the company's containment steps. What remains to be resolved is the full list of affected parties — ShinyHunters says it stole data from dozens of companies using Anodot tokens — and whether additional victims will surface as investigators and defenders continue their work.

Original story

Data BreachEmerging ThreatsShinyhuntersSupply ChainAnodotHave I Been PwnedVimeoExtortion Gang
Related Intelligence

Continue Reading

Brightly-lit office setting with computer workstation in foreground and blurred screen.

Multiple Breaches Expose Sensitive Data Across Industries

Sensitive data has been compromised across various industries in a series of alarming breaches, including a clever social engineering scam that exposed info of 6 million Carnival Corporation customers and two incidents involving learning management company Instructure's Canvas platform. These breaches highlight the growing threat of cyber attacks and the importance of robust data protection measures.

Analyst 207
Dental office with scattered papers and blurred computer screen.

DentaQuest Breach Exposes 2.6 Million Accounts

A major data breach at DentaQuest has exposed a staggering 2.6 million accounts, after an extortion group called ShinyHunters claimed to have stolen over 234 GB of sensitive data. The breach was confirmed by DentaQuest on June 2, who assured customers they are actively managing the cybersecurity incident.

Analyst 207
Secure server room interior with highlighted network cable.

Secure Infrastructure Unlocks AI's Defense Potential

As Dave Wajsgras, chairman and CEO of Everfox, aptly puts it, AI's trustworthiness is only as strong as the security of its underlying data, networks, and access controls. A recent incident involving Anthropic's Claude Mythos model serves as a stark reminder of the risks, with an unauthorized group reportedly gaining access in mere hours.

Analyst 207
Crowded stadium concourse with people walking, some on phones, with a laptop on a food tray in the foreground.

Cybercriminals Target FIFA World Cup 2026 with Sophisticated Scams

As the 2026 FIFA World Cup approaches, cybercriminals are gearing up to scam unsuspecting fans with sophisticated ticketing scams, counterfeit sites, and panic-inducing mechanics. Experts warn that this major event has become a prime target for cyberattacks, with thousands of fraudulent domains and fake Facebook ads already circulating.

Analyst 207