'An unauthorized actor accessed certain Vimeo user and customer data': Vimeo confirms security incident, blames attack on Anodot breach

Vimeo did not say how many people were affected

News By Sead Fadilpašić published 29 April 2026

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads
• Email

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter

• A third‑party breach exposed certain Vimeo user and customer data
• The accessed information included metadata and some email addresses, but not video content or payment details
• Vimeo disabled the integration, engaged external investigators, and was threatened with ransom demands

Popular video platform Vimeo has notified users some of their data may have been accessed by malicious third parties.

In a security incident announcement published on the company’s website, Vimeo said the unauthorized data access came as a result of the Anodot breach. Anodot is an AI-powered, cloud-based analytics platform that hunts for business incidents and anomalies in real-time, helping businesses identify sudden drops in sales, cost spikes, or technical glitches before they can significantly impact the organization and its customers.

In early April 2026, it was reported ShinyHunters broke in, and through the third-party integration features, accessed Anodot’s users’ Snowflake accounts. Apparently, more than a dozen companies were hit, but the only confirmed victim so far is Rockstar Games, the company behind the famed Grand Theft Auto and Red Dead Redemption game series - but now, Vimeo has stated it was also affected by this attack.

Article continues below

Confirmed Anodot incident

“We have identified that, as a result of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data,” the announcement reads. “Our initial findings suggest that the databases accessed primarily contain technical data, video titles and metadata, and, in some cases, customer email addresses.”

Vimeo did not say how many people were affected by the attack, but stressed that video content, valid user login credentials, as well as payment card information, were not accessed.

“Vimeo user and customer login credentials are secure. This incident did not cause any disruption to our systems or service,” it concluded.

Following the discovery, Vimeo disabled all Anodot credentials, removed the integration, and brought in a third-party security company to assist with the postmortem. The police have also been notified.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors