Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users Deeba Ahmed
ShinyHunters breached Instructure and Vimeo, exposing millions of student and user records through direct and supply chain attacks.
6 de Maio de 2026, 14:28

ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

6 de Maio de 2026, 14:28

ShinyHunters breached Instructure and Vimeo, exposing millions of student and user records through direct and supply chain attacks.

Cybersecurity News
Vimeo Data Exposed in Anodot Supply Chain Attack Ddos
The post Vimeo Data Exposed in Anodot Supply Chain Attack appeared first on Daily CyberSecurity. Related posts: OpenAI API Users Exposed in Mixpanel Security Breach The BPO Backdoor: How “Mr. Raccoon” Swiped 13 Million Adobe Support Tickets Cloudflare Confirms Supply Chain Attack, Customer Support Data Exposed
28 de Abril de 2026, 22:29

Vimeo Data Exposed in Anodot Supply Chain Attack

Cybersecurity News

Por:Ddos

28 de Abril de 2026, 22:29

The post Vimeo Data Exposed in Anodot Supply Chain Attack appeared first on Daily CyberSecurity.

ShinyHunters exploit Anodot incident to target Vimeo

Security Affairs

Por:Pierluigi Paganini

29 de Abril de 2026, 04:18

The video platform Vimeo confirmed a security breach via Anodot that exposed metadata, video titles, and some user emails.

Vimeo said some user data was accessed after a breach at Anodot. Anodot is a company that provides AI-driven data analytics and anomaly detection tools.

Most of the exposed information includes technical data, video titles, and metadata, while some customer email addresses were also affected. Vimeo says the incident did not expose user-uploaded videos, login credentials, or payment card data, and its platform continues to operate normally without disruption.

Vimeo noted the incident came from a third-party breach.

“Vimeo is aware of a security incident affecting Anodot, a third-party analytics vendor used by Vimeo and many other companies.” reads the notice published by Vimeo. “We have identified that, as a result of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data. Our initial findings suggest that the databases accessed primarily contain technical data, video titles and metadata, and, in some cases, customer email addresses.”

In response to the incident, the company disabled all Anodot credentials and removed its integration with the service to stop further access. Vimeo notified law enforcement and is still investigating the incident with the help of external security experts.

Hackers from the extortion group ShinyHunters claimed the Vimeo breach and threaten to leak stolen data by April 30 if the company refuses to pay a ransom. They also warn Vimeo about possible “digital problems” if demands go unmet.

“Your Snowflake and Bigquery instances data was compromised thanks to Anodot.com. Pay or Leak.” reads the announcement published by ShinyHunters on its Tor data leak site. “This is a final warning to reach out by 30 Apr 2026 before we leak along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.”

The attackers say they accessed data from Vimeo’s Snowflake and BigQuery environments. They also list the company on their leak site as part of their pressure campaign against the organization.

Attackers linked to the ShinyHunters group stole authentication tokens from Anodot and used them to access customer cloud environments, mainly Snowflake, to extract data from several organizations. The group now tries to monetize the breach through extortion and leak threats.

They also claim they took more than 78.6 million records from game studio Rockstar Games, though they have not confirmed the exact amount of data taken from Vimeo.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ShinyHunters)