Vimeo, a video hosting and sharing platform, is the latest victim claimed by ShinyHunters. The extortion gang claims to have compromised the company’s Snowflake and BigQuery instances and is demanding a ransom.
On April 28th, 2026, ShinyHunters, a notorious cybercrime and extortion gang, posted ransom demands targeting Vimeo, the hosting platform known for high-quality videos.
The cybercriminals hint that the breach stems from a previous compromise of Anodot, an Israeli business analytics firm.
“Vimeo, Inc., your Snowflake and BigQuery instances' data was compromised thanks to Anodot.com. Pay or Leak,” the post on the dark web victim site reads.
The post doesn’t provide any specific details regarding the amount or type of data stolen, the sum demanded for silence, or whether the breach impacts site creators or users. The gang has given the company two days to respond as a “final warning”, which likely means the negotiations are not fruitful.
Vimeo says attackers accessed certain user and customer data
“We’re aware of the incident under discussion, which relates to a security incident involving a third-party provider. We’ve taken appropriate steps to secure our environment and continue to monitor the situation closely,” a Vimeo spokesperson told Cybernews.
The company also released a blog post detailing that “as a result of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data.”
The initial findings indicate that the attackers accessed databases containing primarily technical data, video titles, and metadata, and, in some cases, customer email addresses.
“The data accessed does not include Vimeo video content, valid user login credentials, or payment card information,” the company assures.
“Vimeo user and customer login credentials are secure. This incident did not cause any disruption to our systems or service.”
Vimeo said it promptly disabled all Anodot credentials, removed integrations, and engaged with third-party security experts to assist with the investigation.
“Our investigation is ongoing, and we’ll continue to take appropriate measures as we learn more.”
Cybernews previously reported that Snowflake customers are being targeted after Anodot, the third-party integration platform, suffered a security breach. Bleeping Computer reported that over a dozen companies might have suffered subsequent cyberattacks after attackers obtained authentication tokens from “a compromised SaaS integration provider.”
Companies use Snowflake as a cloud data warehouse to store and analyze large volumes of business data. Meanwhile, BigQuery is Google’s cloud data warehouse for similar purposes.
ShinyHunters is a persistent threat with a proven track record of major cyberattacks.
The potential danger is that ShinyHunters could have obtained user analytics, account, and other business operations data, potentially including personally identifiable information, which could help fuel additional cyberattacks.
In recent weeks, ShinyHunters dumped data allegedly belonging to Udemy, a popular e-learning platform, and also claimed attacks on ADT Inc., Amtrak, RockStar Games, Hims & Hers, Hallmark, the European Commission, Ameriprise Financial, as well as leaked data from Mytheresa, Zara, Carnival, and 7-Eleven.
Updated on February 20th [09:10 a.m. GMT] with a statement from Vimeo.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked