Vimeo data breach exposes personal information of 119,000 users after Anodot incident

The video-sharing platform Vimeo has confirmed that it was affected by a data breach linked to a wider security incident involving the analytics company Anodot. The breach, which took place in April 2026, has now been reported to have impacted more than 119,000 individuals, according to new analysis published by the data breach notification service Have I Been Pwned?

Vimeo initially informed users that a security incident had occurred after attackers gained access through third-party integration features. The intrusion was associated with the ShinyHunters hacking group, which is believed to have exploited access to Anodot’s cloud-based systems. These systems included Snowflake accounts used by customers, among them Vimeo.

Anodot is an artificial intelligence-driven analytics platform designed to detect anomalies in business data in real time. Organisations use it to identify issues such as sudden drops in sales, unexpected increases in costs, or technical faults that could affect operations. In this case, however, the platform’s integration capabilities appear to have been used as an entry point for unauthorised access.

At the time of disclosure, Vimeo stated that the attackers may have accessed technical data, video titles and related metadata. The company also noted that in some cases, customer email addresses might have been compromised. However, it lacked clarity about the number of individuals affected or the full scope of the incident.

Extortion attempt and large-scale data leak

The situation escalated after negotiations between the attackers and affected parties reportedly broke down. The ShinyHunters group subsequently released a large volume of stolen material totalling approximately 106 GB. The leak included documents allegedly taken from compromised systems linked to Anodot’s infrastructure.

According to reporting from BleepingComputer, the attackers claimed responsibility for the breach and referenced the compromised environments in a message accompanying the leaked files. They reportedly stated: “Your Snowflake and BigQuery instances’ data was compromised thanks to Anodot.com,” adding, “The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made.”

Following the publication of the leaked archive, Have I Been Pwned? carried out an independent review of the material. The service confirmed that the exposed data included email addresses belonging to approximately 119,200 individuals, along with some names. This marked a significant increase in the scale of the breach compared with Vimeo’s initial assessment.

The exposure of such data underscores the growing risks posed by third-party cloud services and integrated platforms. While the stolen information does not appear to include highly sensitive personal identifiers such as passwords or financial details, cybersecurity experts often warn that even basic contact information can be valuable to attackers when combined with other data sources.

Risks of phishing and user caution are advised

Although the compromised dataset appears to be limited largely to names and email addresses, security specialists caution that such information can still be misused. Cybercriminals frequently use breached contact details to launch phishing campaigns, in which individuals receive deceptive emails designed to appear legitimate and trick them into revealing further personal information or login credentials.

In this case, affected users could be targeted with messages that appear to come from Vimeo or related services. These emails may reference account issues, billing concerns, or security alerts to prompt recipients to click on malicious links or provide sensitive information. Even when no passwords are directly exposed, such tactics can lead to further account compromises if users are not vigilant.

Vimeo users and others potentially affected by the breach are therefore being advised to exercise caution when receiving unexpected emails, particularly those requesting account verification or urging immediate action. Security experts recommend verifying the authenticity of any communication directly through official websites rather than clicking on embedded links.

The incident adds to a growing list of cyberattacks targeting cloud-based infrastructure and third-party integrations, underscoring the importance of robust security controls across interconnected systems. As investigations continue, attention is likely to remain on how attackers exploited access to Anodot’s platform and the broader implications for organisations relying on similar services.