Vimeo disclosed that some customer and user data was accessed without authorization after a breach at Anodot, with exposed information mainly consisting of technical data, video titles, metadata, and some email addresses. The extortion group ShinyHunters claimed the incident and threatened to publish data from Vimeoβs Snowflake and BigQuery instances, prompting Vimeo to disable Anodot credentials, remove the integration, and investigate with third-party experts and law enforcement. #Vimeo #ShinyHunters
Keypoints
- An unauthorized actor accessed Vimeo user and customer data following the Anodot breach.
- Exposed data primarily included technical details, video titles, metadata, and some email addresses.
- ShinyHunters claimed responsibility and listed Vimeo on its extortion portal, threatening to leak data.
- Vimeo confirmed uploaded video content, account credentials, and payment card information were not exposed.
- Vimeo disabled Anodot credentials, removed the service integration, and is investigating with security experts and law enforcement.