The cybercriminal group ShinyHunters has claimed responsibility for a data breach involving video platform Vimeo, issuing a “pay or leak” ultimatum after alleging it gained access to company data through a third-party compromise.
According to the group’s post on its leak site, attackers said they accessed Vimeo’s Snowflake and Google BigQuery environments, reportedly leveraging a prior breach of Israeli analytics provider Anodot. The message included a direct warning to the company, indicating that stolen data could be released publicly if ransom demands are not met.
The claim forms part of a broader pattern of attacks linked to ShinyHunters, which has increasingly focused on exploiting cloud-based systems and third-party integrations to access large datasets. The group is known for using data exfiltration as its primary tactic, relying on extortion rather than system disruption.
Vimeo has acknowledged a security incident tied to a third-party provider and confirmed that unauthorized access to certain user and customer data occurred. The company stated that it has taken steps to secure its systems, including disabling affected integrations and engaging external cybersecurity experts to support the investigation.
Initial findings indicate that the compromised data primarily includes technical information such as video metadata and titles, along with some user email addresses. Vimeo emphasized that no video content, login credentials, or payment card data were exposed in the incident. The company also reported no disruption to its services.
The attack appears to be linked to a wider campaign targeting organizations that rely on cloud data platforms. Security researchers have previously noted that breaches involving SaaS integrations can create cascading risks, where attackers reuse stolen authentication tokens or credentials to access multiple downstream systems.
ShinyHunters has been associated with a series of high-profile incidents in recent months, targeting organizations across sectors including education, finance, and technology. The group’s operations often involve issuing short deadlines to pressure victims into negotiations, followed by public leaks if demands are not met.
At the time of reporting, the full scope of the Vimeo incident remains under investigation. It is unclear whether negotiations are ongoing or if any data has been released. The case highlights ongoing risks tied to third-party dependencies, particularly in environments where cloud services and external integrations are deeply embedded in core operations.