Cybersecurity · 3 hrs ago

Vimeo Confirms Anodot Breach Exposed User Data, Shinyhunters Threaten Leak

Vimeo confirms user data exposed via Anodot breach; Shinyhunters threaten leak unless ransom paid. Details, impact, and defender steps.

Peter Olaleru/3 min/US

Cybersecurity Editor


Vimeo confirmed that an intrusion at analytics vendor Anodot exposed user metadata and email addresses, while Shinyhunters threatened to leak the data unless a ransom is paid by Thursday. The breach did not reveal video content, login credentials, or payment information, and Vimeo reported no service disruption.

Vimeo uses Anodot for business analytics and discovered the issue after Shinyhunters added the company to their leak site on Tuesday morning. The gang set a two‑day deadline for payment, threatening to publish the stolen data if the ransom is not met. Vimeo’s security team said they disabled all Anodot credentials, removed the integration, and enlisted third‑party investigators while notifying law enforcement.

The exposed data includes technical details, video titles, metadata, and some email addresses belonging to Vimeo users and customers. Shinyhunters is known for voice and email phishing campaigns that harvest authentication tokens, which they then use to access cloud environments of more than a dozen organizations without directly breaching those firms. The group has previously targeted McGraw Hill, ADT, Rockstar Games, and Match Group, often linking intrusions to third‑party compromises like the Anodot incident.

For defenders, the incident highlights the risk of trusted third‑party services and the importance of securing OAuth tokens and API keys. Recommended actions include: enforce multi‑factor authentication on all privileged and service accounts; rotate and revoke any tokens issued by compromised vendors; monitor for anomalous token usage or unusual API calls using detection rules for MITRE ATT&CK techniques T1566 (Phishing) and T1078 (Valid Accounts); disable unused third‑party integrations; and apply least‑privilege access controls to analytics platforms. Refer to CISA guidance on securing cloud service accounts and consider deploying UEBA tools to spot credential misuse.
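As an added illustration of the token-monitoring step above (example code written for this article, not from Vimeo, Anodot or CISA), the sketch below profiles how an integration token is normally used and flags calls that deviate from that profile or that use a revoked token. The token names, endpoints, log fields and thresholds are assumptions, and the addresses come from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events (not real logs): (hour, token id, source IP, endpoint, rows returned).
BASELINE = [
    ("2025-01-06T02", "tok-analytics", "198.51.100.10", "/v1/metrics", 500),
    ("2025-01-06T03", "tok-analytics", "198.51.100.11", "/v1/metrics", 450),
    ("2025-01-07T02", "tok-analytics", "198.51.100.10", "/v1/metrics", 520),
]
OBSERVED = [
    ("2025-01-08T02", "tok-analytics", "198.51.100.12", "/v1/metrics", 480),
    ("2025-01-08T14", "tok-analytics", "203.0.113.77", "/v1/metrics", 400),
    ("2025-01-08T15", "tok-analytics", "203.0.113.77", "/v1/users/export", 9000),
    ("2025-01-09T01", "tok-old-vendor", "198.51.100.10", "/v1/metrics", 10),
]
REVOKED = {"tok-old-vendor"}  # assumed: tokens revoked after a vendor incident

def network(ip, prefix=24):
    """Collapse an address to its /24 so routine egress rotation does not alert."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def build_profile(events):
    """Per-token baseline: source networks, endpoints, and rows returned per hour."""
    prof = {}
    for hour, tok, ip, ep, rows in events:
        p = prof.setdefault(tok, {"nets": set(), "endpoints": set(), "hourly": defaultdict(int)})
        p["nets"].add(network(ip))
        p["endpoints"].add(ep)
        p["hourly"][hour] += rows
    return prof

def detect(events, profile, revoked, spike_factor=3):
    """Return (hour, token, reason) for each deviation from the baseline."""
    findings, hourly = [], defaultdict(int)
    for hour, tok, ip, ep, rows in events:
        if tok in revoked or tok not in profile:
            findings.append((hour, tok, "revoked-token-use" if tok in revoked else "unprofiled-token"))
            continue
        base = profile[tok]
        hourly[tok, hour] += rows
        checks = [
            (network(ip) not in base["nets"], "new-source-network"),
            (ep not in base["endpoints"], "new-endpoint"),
            (hourly[tok, hour] > spike_factor * max(base["hourly"].values()), "volume-spike"),
        ]
        findings += [(hour, tok, why) for hit, why in checks if hit]
    return findings

if __name__ == "__main__":
    print(*detect(OBSERVED, build_profile(BASELINE), REVOKED), sep="\n")
```

In practice the baseline window should end before the vendor's suspected compromise date, so attacker activity is not learned as normal.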

Watch for whether Shinyhunters follows through on the leak threat, any further extortion attempts tied to the Anodot supply chain, and Vimeo’s public remediation updates.
