The Vimeo data breach exposed personal information of 119,000 people

In late April, Vimeo notified its users about a security incident that came as a result of the Anodot breach, as the ShinyHunters gang broke in via the third-party integration features, accessed Anodot’s users’ Snowflake accounts, including Vimeo’s.

Anodot is an AI-powered, cloud-based analytics platform that hunts for business incidents and anomalies in real-time, helping businesses identify sudden drops in sales, cost spikes, or technical glitches before they can significantly impact the organization and its customers.

ShinyHunters leak the files

At first, Vimeo believed that the attackers stole technical data, video titles and metadata. It said that only in “some cases”, customer email addresses may have been compromised. The company also did not know, at the time, how many people were affected.

Now, since the negotiations with ShinyHunters broke down, the gang decided to leak 106GB of stolen documents.

"Your Snowflake and Bigquery instances data was compromised thanks to Anodot.com," the extortion gang allegedly said, as per BleepingComputer. "The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made."

At the same time, Have I Been Pwned? analyzed the archive and said it exposes 119,200 people’s email addresses and some names.

There is not much hackers can do with just emails and names, but they could send relatively convincing phishing emails or try to open up different accounts in victims’ names. Therefore, it would be wise to be cautious with incoming emails, especially those claiming to be from Vimeo.

Via BleepingComputer