CONSENSUS WIRE
← Back to Tech & Science

Vimeo Confirms Data Breach Following Attack on Third-Party Vendor

Tech & ScienceAI-Generated & Algorithmically Scored·

AI-generated from multiple sources. Verify before acting on this reporting.

NEW YORK — Vimeo confirmed Monday that hackers stole user and customer data following a cyberattack on a third-party analytics vendor, Anodot. The video hosting platform disclosed the breach after the ShinyHunters cybercrime group threatened to leak stolen files unless a ransom was paid.

The incident, discovered on April 28, 2026, involved unauthorized access to Vimeo's systems through Anodot, a data analytics platform integrated with Vimeo's infrastructure. ShinyHunters, a known cybercrime syndicate, claimed responsibility for the intrusion and demanded payment to prevent the public release of compromised information.

Vimeo stated that the breach affected user data, including names, email addresses, and hashed passwords, as well as customer account information. The company did not specify the number of individuals impacted but confirmed that no financial data was accessed. Vimeo has notified affected users and is working with cybersecurity experts to secure its systems.

The attack highlights vulnerabilities in third-party vendor relationships, a growing concern for technology companies relying on external services for analytics and monitoring. Anodot, based in the United States, has not publicly commented on the breach or its role in the incident.

ShinyHunters has a history of targeting high-profile organizations, often leveraging stolen data to pressure companies into paying ransoms. The group typically operates through dark web channels, posting demands and threatening to release sensitive information if payments are not made.

Vimeo has not confirmed whether a ransom was paid. The company emphasized its commitment to protecting user data and stated that it is cooperating with law enforcement agencies to investigate the incident. Federal authorities have not yet announced a formal investigation or filed charges.

The breach comes amid a surge in cyberattacks targeting media and technology companies in 2026. Industry analysts warn that third-party vendors remain a weak link in cybersecurity defenses, as attackers increasingly exploit supply chain vulnerabilities to gain access to larger organizations.

Vimeo has implemented additional security measures and is conducting a comprehensive review of its vendor relationships. The company urged users to change their passwords and enable two-factor authentication as a precaution.

Questions remain about the full extent of the data stolen and whether the information has already been leaked. ShinyHunters has not specified a deadline for the ransom demand, and Vimeo has not disclosed the contents of the stolen files.

The incident underscores the ongoing challenges companies face in securing their digital infrastructure against sophisticated cyber threats. As investigations continue, the focus remains on preventing further data exposure and holding the perpetrators accountable.