The Vimeo data breach exposed 119,167 records including Email addresses, Names. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.
What Happened
In April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata. The data also included 119k unique email addresses, sometimes accompanied by names. Vimeo attributed the exposure to a breach of Anodot, a third-party analytics vendor, and advised the incident does not include "Vimeo video content, valid user login credentials, or payment card information".
- Breach date
- 2026-04-28
- Records affected
- 119,167
- Verified
- Yes
- Domain
- vimeo.com
What Was Exposed
The following data types were included in the breach:
- Email addresses
- Names
What You Should Do
If you had an account with Vimeo, take these steps immediately:
- Check if your account was affected at HaveIBeenPwned.com
- Watch for phishing emails that reference the breach or impersonate the affected company
- Be alert for social engineering attempts using your exposed personal information
- Enable two-factor authentication on the affected service if available
- Consider using a password manager to generate unique passwords for each service
FAQ
Was my data in the Vimeo breach?
What should I do if my data was exposed in the Vimeo breach?
When did the Vimeo data breach happen?
Need Incident Response?
Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.
Get Incident Response Help