Vimeo Breach: ShinyHunters Leaks User Data via Third-Party Vendor Anodot
Have I Been Pwned reports that Vimeo was listed on the ShinyHunters extortion portal in April 2026 as part of a βpay or leakβ campaign. The threat group subsequently published hundreds of gigabytes of data, primarily consisting of video titles, technical data, and metadata. Critically, the leak also included 119,000 unique email addresses, some accompanied by names.
Vimeo attributed this exposure to a breach of Anodot, a third-party analytics vendor. The company has stated that the incident did not compromise βVimeo video content, valid user login credentials, or payment card information.β However, the presence of email addresses and names in a public data dump is a significant concern for user privacy and potential follow-on attacks.
This incident underscores the pervasive risk posed by third-party vendors. Attackers consistently target the weakest link, and often thatβs not the primary organization but one of its many service providers. Defenders must assume that any data shared with third parties is a potential future breach vector.
What This Means For You
- If your organization uses Vimeo, understand that 119,000 email addresses and some names are now exposed. While login credentials were not directly compromised, this data is gold for phishing and social engineering attacks. Advise your users to be vigilant against suspicious emails, even if they appear to originate from Vimeo or related services. Review your third-party risk management strategy; this is a clear example of how a breach at a vendor like Anodot directly impacts your users and brand.
π‘οΈ Detection Rules
3 rules Β· 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free β export to any SIEM format via the Intel Bot.
Vimeo Data Leak - Anodot Vendor Compromise
Written by SCW Research
Related coverage on
Weaver E-cology Critical Bug Exploited in Attacks Since March
BleepingComputer reports that a critical vulnerability, CVE-2026-22679, in Weaver E-cology office automation software has been under active exploitation since mid-March. Attackers are leveraging this flaw...
cPanel Authentication Bypass Vulnerability Exploited in the Wild
A critical authentication-bypass vulnerability in cPanel has sparked a "cyber-frenzy," according to Dark Reading. The flaw, which allows attackers to bypass authentication, saw multiple proof-of-concept...
Cisco Acquires Astrix Security to Secure Non-Human Identities
Cisco has announced its intent to acquire Astrix Security, a startup specializing in the security of non-human identities (NHIs). These include critical elements like API...