Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection firm.
The video platform says that the threat actor accessed e-mail addresses for some of its customers, but much of the exposed information included technical data, video titles, and metadata.
“We now have recognized that, because of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data. Our preliminary findings suggest that the databases accessed primarily contain technical data, video titles and metadata, and, in some instances, customer e-mail addresses,” Vimeo states.
The Vimeo breach was claimed by the notorious extortion group ShinyHunters, who threatened to publish the stolen data by April 30 unless the company paid a ransom.
Vimeo is a video hosting and streaming platform, one of the largest alternatives to YouTube, enabling over 300 million registered users to upload, host, and share high-quality videos.
The company employs over 1,100 people, has an annual revenue of $417 million, and is publicly traded on the Nasdaq stock market.
Yesterday, ShinyHunters listed Vimeo on their extortion portal, claiming to have data from the company’s Snowflake and BigQuery instances.
Apart from threatening to leak the data, the actor also issued a warning to the company, stating that the platform should expect “a number of annoying digital issues.”

The Anodot incident involved attackers stealing authentication tokens and using them to access customer environments, primarily Snowflake, and exfiltrate data from multiple organizations.
The activity has been linked to the ShinyHunters extortion group, which is now attempting to monetize the breach through extortion and by threatening to leak the stolen data from various downstream victims.
One of those victims was game development studio Rockstar Games, with ShinyHunters claiming to have exfiltrated more than 78.6 million records.
In the case of Vimeo, however, the impact remains unclear as the actor didn’t state the amount of stolen data.
Vimeo has specified that the exposed data doesn’t include video content users uploaded on the platform, account credentials, or payment card information. Also, the platform’s operations remained unaffected.
The company has now disabled all Anodot credentials and removed the service’s integration with its systems.
Vimeo is now investigating the incident with the help of third-party security experts and has also notified law enforcement authorities.
The firm promised to provide updates if the investigation uncovers significant new information about the incident.



