Video hosting platform Vimeo has confirmed that hackers have stolen user and customer data following an attack involving a third-party vendor.
According to Vimeo, hackers accessed databases containing technical data, video titles and metadata, and the email addresses of some customers.
“The data accessed does not include Vimeo video content, valid user login credentials, or payment card information,” the company said. “Vimeo user and customer login credentials are secure. This incident did not cause any disruption to our systems or service.”
Vimeo said the attackers targeted the Anodot analytics platform. Following the incident, Anodot credentials have been disabled and integration with Vimeo systems has been removed.
The investigation is ongoing and law enforcement has been notified.
“We’ve taken steps to secure our environment and continue to monitor the situation closely,” a Vimeo spokesperson told SecurityWeek.
ShinyHunters has taken credit for the Vimeo hack, claiming to have obtained data from the company’s Snowflake and BigQuery instances. The group is threatening to leak stolen files unless a ransom is paid. The company has been given until April 30 to respond.
The cybercrime group has been targeting organizations’ Salesforce instances and other widely used services.
At the time of writing, the ShinyHunters website lists three organizations allegedly targeted via Anodot: Vimeo, Rockstar Games, and fashion retail giant Zara.
Related: Next.js Creator Vercel Hacked
Related: Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack
Related: Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak
Related: Luxury Cosmetics Giant Rituals Discloses Data Breach
