• Home
  • cyber
  • Rockstar Games, Anodot, McGraw Hill, Vimeo, Match Group and ADT: Video site Vimeo blames security incident on Anodot breach
cyber Breach

Rockstar Games, Anodot, McGraw Hill, Vimeo, Match Group and ADT: Video site Vimeo blames security incident on Anodot breach

Apr 27, 2026 2 min read
Rockstar Games, Anodot, McGraw Hill, Vimeo, Match Group and ADT: Video site Vimeo blames security incident on Anodot breach

Vimeo Confirms Data Breach via Third-Party Analytics Vendor Anodot

Vimeo has disclosed a data breach stemming from a security incident at Anodot, its third-party business analytics provider. The breach, attributed to the cybercriminal group ShinyHunters, exposed certain user and customer data, though no video content, login credentials, or payment information was compromised.

According to Vimeo’s statement, the accessed data primarily included technical metadata, video titles, and, in some cases, customer email addresses. The company responded by revoking Anodot’s access, removing the integration, and enlisting third-party security experts to investigate. Law enforcement has also been notified.

ShinyHunters listed Vimeo on its leak site on Tuesday, threatening to release stolen data unless a ransom was paid by Thursday. The group has been linked to a series of high-profile attacks in 2026, including breaches at McGraw Hill, ADT, and Rockstar Games with the latter also tied to the Anodot compromise. Reports suggest a broader supply-chain attack involving Anodot may have exposed data from multiple organizations.

Google Threat Intelligence previously detailed ShinyHunters’ tactics, which rely on phishing schemes rather than software vulnerabilities. Despite law enforcement crackdowns in 2025, the group remains active, recently targeting Match Group (owner of Tinder, Hinge, and OkCupid) before shifting focus to its current campaign. The investigation into the Vimeo breach is ongoing.

Source: https://therecord.media/vimeo-blames-security-incident-on-anodot-breach

Rockstar Games TPRM report: https://www.rankiteo.com/company/rockstar-games

Anodot TPRM report: https://www.rankiteo.com/company/anodot-ai

McGraw Hill TPRM report: https://www.rankiteo.com/company/mcgraw-hill-education

Vimeo TPRM report: https://www.rankiteo.com/company/vimeo

Match Group TPRM report: https://www.rankiteo.com/company/matchgroup

ADT TPRM report: https://www.rankiteo.com/company/adtelligent

"id": "rocanovimmcgmatadt1777395770",
"linkid": "rockstar-games, anodot-ai, vimeo, mcgraw-hill-education, matchgroup, adtelligent",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Video Hosting/Streaming',
                        'name': 'Vimeo',
                        'type': 'Company'},
                       {'industry': 'Business Analytics',
                        'name': 'Anodot',
                        'type': 'Third-Party Vendor'}],
 'attack_vector': 'Third-Party Vendor Compromise',
 'customer_advisories': 'Public disclosure of breach details',
 'data_breach': {'data_exfiltration': 'Yes (threatened by ShinyHunters)',
                 'personally_identifiable_information': 'Email addresses',
                 'sensitivity_of_data': 'Low to Moderate',
                 'type_of_data_compromised': ['Technical metadata',
                                              'Video titles',
                                              'Customer email addresses']},
 'description': 'Vimeo has disclosed a data breach stemming from a security '
                'incident at Anodot, its third-party business analytics '
                'provider. The breach, attributed to the cybercriminal group '
                'ShinyHunters, exposed certain user and customer data, though '
                'no video content, login credentials, or payment information '
                'was compromised. The accessed data primarily included '
                'technical metadata, video titles, and, in some cases, '
                'customer email addresses.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage',
            'data_compromised': 'Technical metadata, video titles, customer '
                                'email addresses',
            'identity_theft_risk': 'Low (no PII beyond email addresses)',
            'payment_information_risk': 'None'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Threatened',
                           'entry_point': 'Third-party vendor (Anodot)'},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion (Ransom)',
 'post_incident_analysis': {'corrective_actions': 'Revoked vendor access, '
                                                  'removed integration',
                            'root_causes': 'Third-party vendor compromise '
                                           '(Anodot)'},
 'ransomware': {'data_encryption': 'No',
                'data_exfiltration': 'Yes',
                'ransom_demanded': 'Yes (threatened)'},
 'references': [{'source': 'Vimeo Statement'},
                {'source': 'ShinyHunters Leak Site'},
                {'source': 'Google Threat Intelligence'}],
 'response': {'communication_strategy': 'Public disclosure',
              'containment_measures': 'Revoked Anodot’s access, removed '
                                      'integration',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes',
              'third_party_assistance': 'Third-party security experts '
                                        'enlisted'},
 'threat_actor': 'ShinyHunters',
 'title': 'Vimeo Data Breach via Third-Party Analytics Vendor Anodot',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.