What Happened
In April 2026, video platform Vimeo (vimeo.com) suffered a data breach after the ShinyHunters extortion group accessed its Snowflake and BigQuery cloud environments via a compromised third‑party analytics vendor, Anodot, in a supply‑chain style attack. The incident, detected and disclosed around April 27–28, 2026, exposed primarily technical data, video titles, and metadata, along with personal information for roughly 119,000–120,000 users (around 119,200 unique accounts), including email addresses and, in some cases, names. Vimeo stated that no video content, valid user login credentials, or payment card information were compromised and that its services were not disrupted. After failed ransom negotiations, ShinyHunters leaked an archive of about 106 GB of stolen data, while Vimeo disabled all Anodot access, removed the integration, engaged external security experts, and notified law enforcement.


