Medium Unverified

Vimeo Ransomware Claim by ShinyHunters (Apr 2026)

Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.

Claim Summary

On April 28, 2026, the ransomware group ShinyHunters posted an unverified claim on their dark web leak site alleging a data breach at Vimeo, Inc., a US-based technology company. According to the threat actor, the attack compromised Vimeo’s Snowflake and BigQuery database instances, with the intrusion purportedly facilitated through a third-party vendor, Anodot.com. The group issued a “FINAL WARNING” demanding payment by April 30, 2026, threatening to leak the data and cause unspecified “digital problems” if the ransom is not paid. The volume of allegedly stolen data has not been disclosed. This report is based solely on the threat actor’s claims and has not been independently verified.

Threat Actor Profile

ShinyHunters is a ransomware and data extortion group with a known track record of targeting technology and e-commerce companies. According to available intelligence, the group has claimed responsibility for 72 known victims. Their tactics typically involve exploiting misconfigured cloud environments, compromised credentials, and third-party vendor access to exfiltrate sensitive data. While ShinyHunters has historically focused on data theft and extortion rather than deploying ransomware, their recent claims suggest an evolution toward hybrid extortion tactics. The group’s credibility is mixed; some past claims have been verified, while others have been exaggerated or fabricated to pressure victims. No public YARA rules or specific detection guidance are currently available for ShinyHunters.

Alleged Data Exposure

ShinyHunters claims that Vimeo’s Snowflake and BigQuery instances were compromised, with the attack allegedly originating from a breach at Anodot.com, a business analytics platform. The threat actor has not provided samples or specific details about the data allegedly stolen, nor have they disclosed the volume or types of records involved. Based on the nature of the targeted platforms, potential exposure could include customer account information, video metadata, billing records, and internal analytics data. However, without independent verification, the scope and authenticity of this claim remain uncertain.

Potential Impact

If the claim is substantiated, the impact on Vimeo could be significant. The compromise of Snowflake and BigQuery instances could expose sensitive customer data, including personal information, payment details, and proprietary business analytics. This could lead to regulatory scrutiny under data protection laws, potential fines, and reputational damage. Additionally, the threat actor’s warning of “digital problems” suggests possible service disruptions or further attacks. Vimeo’s customers, particularly content creators and businesses using the platform for video hosting, may face privacy risks and potential phishing attacks if their data is leaked.

What to Watch For

  • Monitor ShinyHunters’ leak site for any posted data samples or full leaks after April 30, 2026.
  • Watch for official statements from Vimeo or Anodot.com regarding the alleged breach.
  • Be alert for phishing campaigns targeting Vimeo users, as threat actors may use leaked data to craft convincing social engineering attacks.
  • Organizations using Snowflake or BigQuery should review their security configurations and third-party vendor access controls.

Disclaimer

This report is based on unverified claims made by the ransomware group ShinyHunters. Yazoul Security has not independently confirmed the breach, the data involved, or the authenticity of the threat actor’s statements. Ransomware groups frequently exaggerate or fabricate claims to pressure victims. All information should be treated as preliminary and subject to change upon verification. No data samples, download links, or access credentials are provided in this report. Organizations should exercise caution and rely on official communications from Vimeo for accurate information.
