**Vimeo**, a publicly traded video hosting and streaming platform with over 300 million registered users, has confirmed a data breach stemming from a compromise at **Anodot**. The incident, disclosed on April 27th, involved unauthorized access to customer and user data. ## Initial Disclosure and Scope **Vimeo** initially stated that the accessed databases primarily contained technical data, video titles, metadata, and, in some cases, customer email addresses. They claimed that user credentials and financial information remained secure and that there were no disruptions to their systems or service. **Vimeo** promptly disabled all **Anodot** credentials and removed the integration with its systems. ## ShinyHunters Leak and Extortion Attempt Following **Vimeo's** disclosure, the **ShinyHunters** cybercrime group leaked a 106GB archive of stolen documents on their dark web data leak site after failing to extort the company. The group claimed the breach was a result of compromised **Snowflake** and **BigQuery** instances due to the **Anodot** vulnerability. "Your Snowflake and Bigquery instances data was compromised thanks to Anodot.com," the extortion gang stated. "The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made."  ## Impact on Users While **Vimeo** has not disclosed the total number of affected individuals, **Have I Been Pwned** reports that the breach exposed the email addresses and, in some cases, names of 119,200 people. ## ShinyHunters' Broader Activities **ShinyHunters** has been linked to a widespread vishing campaign targeting employees' **Microsoft Entra**, **Okta**, and **Google** SSO accounts. They steal data from connected SaaS applications, including **Salesforce**, **SAP**, **Slack**, **Adobe**, **Atlassian**, **Zendesk**, **Dropbox**, **Microsoft 365**, and **Google Workspace**. Other recent breaches claimed by **ShinyHunters** include the **European Commission**, **Rockstar Games**, **McGraw Hill**, **Medtronic**, **Carnival**, **Zara**, **7-Eleven**, and **Udemy**.  ## 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming. At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. [Claim Your Spot](https://hubs.li/Q04crVgD0)