In April 2026, the ShinyHunters extortion group published data from a third-party analytics vendor breach affecting approximately 119,000 Vimeo user email addresses and names.
What happened
According to Have I Been Pwned, in April 2026 the ShinyHunters extortion group listed Vimeo on their "pay or leak" portal and subsequently published hundreds of gigabytes of data. Vimeo attributed the exposure to a breach at Anodot, a third-party analytics vendor, rather than a direct compromise of Vimeo's own systems.
What was exposed
Reported by HIBP and Bleeping Computer, the published data included approximately 119,000 unique email addresses, sometimes accompanied by user names. The bulk of the leaked material consisted of video titles, technical data, and metadata. Vimeo stated the incident does not include video content, valid login credentials, or payment card information.
Who is affected
Around 119,000 Vimeo users whose email addresses — and in some cases names — were processed by the Anodot analytics platform are affected. Users who have not received direct notification from Vimeo may still want to check whether their email appears in breach databases.
What to do now
Be alert to phishing emails targeting your Vimeo-associated address, as attackers now know it is linked to a Vimeo account. Although login credentials were not reported as exposed, changing your Vimeo password and enabling two-factor authentication is a reasonable precaution. Monitor your inbox for any suspicious messages claiming to be from Vimeo.