'An unauthorized actor accessed certain Vimeo user and customer data': Vimeo confirms security incident, blames attack on Anodot breach

In a security incident announcement published on the company’s website, Vimeo said the unauthorized data access came as a result of the Anodot breach. Anodot is an AI-powered, cloud-based analytics platform that hunts for business incidents and anomalies in real-time, helping businesses identify sudden drops in sales, cost spikes, or technical glitches before they can significantly impact the organization and its customers.

In early April 2026, it was reported ShinyHunters broke in, and through the third-party integration features, accessed Anodot’s users’ Snowflake accounts. Apparently, more than a dozen companies were hit, but the only confirmed victim so far is Rockstar Games, the company behind the famed Grand Theft Auto and Red Dead Redemption game series - but now, Vimeo has stated it was also affected by this attack.

Confirmed Anodot incident

“We have identified that, as a result of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data,” the announcement reads. “Our initial findings suggest that the databases accessed primarily contain technical data, video titles and metadata, and, in some cases, customer email addresses.”

Vimeo did not say how many people were affected by the attack, but stressed that video content, valid user login credentials, as well as payment card information, were not accessed.

“Vimeo user and customer login credentials are secure. This incident did not cause any disruption to our systems or service,” it concluded.

Following the discovery, Vimeo disabled all Anodot credentials, removed the integration, and brought in a third-party security company to assist with the postmortem. The police have also been notified.

The attack was claimed by ransomware actors ShinyHunters, who said they would publish the stolen files unless the company pays a ransom by April 30 2026.

Via BleepingComputer