GoKawiilVimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company.
The video platform says that the threat actor accessed email addresses for some of its customers, but most of the exposed information included technical data, video titles, and metadata.
"We have identified that, as a result of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data. Our initial findings suggest that the databases accessed primarily contain technical data, video titles and metadata, and, in some cases, customer email addresses," Vimeo states.
The Vimeo breach was claimed by the infamous extortion group ShinyHunters, who threatened to publish the stolen data by April 30 unless the company paid a ransom.
Vimeo is a video hosting and streaming platform, one of the largest alternatives to YouTube, enabling over 300 million registered users to upload, host, and share high-quality videos.
The company employs over 1,100 people, has an annual revenue of $417 million, and is publicly traded on the Nasdaq stock market.
Yesterday, ShinyHunters listed Vimeo on their extortion portal, claiming to have data from the company's Snowflake and BigQuery instances.
Apart from threatening to leak the data, the actor also issued a warning to the company, stating that the platform should expect “several annoying digital problems.”
Source: BleepingComputer
The Anodot incident involved attackers stealing authentication tokens and using them to access customer environments, primarily Snowflake, and exfiltrate data from multiple organizations.
... continue reading