- Vimeo breach exposed names and email addresses of around 119,000 users.
- Attack was linked to the compromise of analytics provider Anodot.
- ShinyHunters leaked 106GB of stolen files after failed negotiations.
- Experts warn victims could face phishing and identity fraud attempts.
Fresh analysis has revealed that the recent Vimeo data breach exposed the personal information of approximately 119,000 users after cybercriminal group ShinyHunters leaked a massive archive of stolen files online.
The incident, which first surfaced in April 2026, was initially believed to involve mostly technical information and video related metadata. However, newly reviewed datasets show the breach also included user email addresses and names, raising concerns over phishing attacks and identity related fraud.
The breach has now become part of a wider series of attacks tied to the compromise of Anodot, a cloud based analytics platform that integrates with Snowflake environments used by enterprise customers.
ShinyHunters leaks 106GB of stolen Vimeo files
According to reports surrounding the incident, the attackers gained access through Anodot’s third party integration features. This allegedly allowed them to reach customer Snowflake instances connected to the analytics platform, including Vimeo’s environment.
At the time the incident became public, Vimeo said the attackers had accessed technical data and some video metadata. The company also acknowledged that a limited number of customer email addresses may have been exposed, although it was unable to confirm the total number of affected individuals.
That picture changed after negotiations between Vimeo and ShinyHunters reportedly collapsed.
The cybercriminal group later leaked a 106GB archive containing the stolen information. In statements attributed to the gang, the attackers claimed Vimeo failed to reach an agreement despite repeated attempts during ransom discussions.
Security researchers and breach monitoring service Have I Been Pwned? later reviewed the leaked archive and determined that around 119,200 email addresses and associated names were included in the exposed data.
While the leak does not appear to contain passwords or financial information, cybersecurity experts warn that even limited personal data can create significant risks for users.
Why exposed email addresses still matter
Although names and email addresses may sound relatively harmless compared to payment data or login credentials, they can still be highly valuable to cybercriminals.
Attackers often use stolen contact information to launch targeted phishing campaigns designed to appear legitimate. Victims may receive emails pretending to come from Vimeo or related services, encouraging them to click malicious links, reset passwords, or download infected files.
These attacks become more convincing when hackers already know the victim’s name and the services they use.
Cybercriminals may also combine exposed data from multiple breaches to build more detailed user profiles. Over time, this information can be used for identity fraud attempts, account takeover attacks, or social engineering schemes aimed at bypassing security checks.
The exposure also highlights the growing risks tied to third party integrations and cloud based infrastructure. Companies increasingly rely on external analytics and automation tools, but each additional connection can create another entry point for attackers if security controls are not properly managed.
Vimeo users urged to stay alert
Users potentially affected by the breach are being advised to remain cautious when opening emails claiming to come from Vimeo or related platforms.
Security experts recommend avoiding suspicious attachments, double checking sender addresses, and never entering login credentials through links received via email. Enabling multi factor authentication wherever possible can also reduce the risk of account compromise.
The incident is another reminder that even indirect attacks through partners and vendors can have major consequences for large organizations and their customers.
ShinyHunters has previously been linked to several high profile breaches involving major technology firms and online platforms. The group frequently uses extortion tactics, threatening to publish stolen information if ransom demands are not met.
Follow TechBSB For More Updates
