ShinyHunters stole personal information for more than 119,200 people after abusing Anodot authentication to access Vimeo and later posted a 106GB archive when extortion attempts failed. Vimeo says no video content, valid user login credentials, or payment card data were exposed, and it disabled Anodot access, engaged third-party security experts, and notified law enforcement. #ShinyHunters #Vimeo
Keypoints
- ShinyHunters accessed Vimeo data by exploiting Anodot authentication tokens.
- Have I Been Pwned reported that 119,200 email addresses and some names were exposed.
- The extortion gang leaked a 106GB archive after failing to reach a ransom agreement.
- Vimeo states no user credentials, payment card data, or video content were compromised and removed the Anodot integration.
- ShinyHunters targets corporate SSO and connected SaaS apps and has claimed multiple high-profile breaches.