Video platform Vimeo has confirmed that personal information belonging to more than 119,000 users was exposed following a cyberattack linked to the ShinyHunters extortion group.
The incident stems from a breach involving Anodot, a third-party analytics provider used by Vimeo and multiple other companies. According to Vimeo, attackers gained unauthorized access to certain user and customer data through the compromised integration.
Data breach tracking service Have I Been Pwned later confirmed that the exposed dataset contains approximately 119,200 unique email addresses, in some cases accompanied by names.
Vimeo said the compromised information primarily included technical data, video titles, metadata, and some customer email addresses. The company emphasized that uploaded video content, user login credentials, and payment card information were not accessed during the incident.
The attack has been linked to the ShinyHunters cybercrime group, which publicly listed Vimeo on its extortion portal and threatened to leak stolen files unless a ransom demand was met. The group claimed to have accessed data from Vimeo’s Snowflake and BigQuery environments through the Anodot compromise.
Security researchers say the incident reflects a broader trend of attackers targeting third-party integrations and cloud analytics platforms to gain downstream access to customer environments. In this case, compromised authentication tokens tied to Anodot reportedly allowed unauthorized access without directly breaching Vimeo’s own infrastructure.
Following the discovery, Vimeo revoked all Anodot credentials, removed the analytics integration from its systems, and engaged external cybersecurity experts to investigate the breach. The company also notified law enforcement authorities.
The company stated that the attack did not disrupt services or platform operations. However, exposed email addresses and metadata could still create phishing and social engineering risks for affected users, especially as cybercriminal groups increasingly weaponize leaked datasets in follow-up campaigns.
The breach adds Vimeo to a growing list of organizations affected by attacks connected to Anodot and ShinyHunters’ activity in 2026. Investigators believe the campaign has impacted multiple companies through interconnected cloud services and analytics integrations.