// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
Breach Record

Vimeo

DISCLOSED 2026-04-30 · SUPPLY CHAIN · 119,000 RECORDS EXPOSED

Vimeo suffered a data breach affecting 119,000 users after threat actor ShinyHunters compromised data anomaly detection company Anodot. The breach, disclosed in April 2026, exposed personal information. The attack vector was a supply chain compromise through Anodot.

The record

What we know

Disclosed
2026-04-30
Attack vector
Supply Chain
Sector
technology
Records exposed
119,000
Domain
vimeo.com
Data classes exposed
personal information
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · unclear · opinion

The attack originated from a third-party breach at Anodot, not directly on Vimeo's endpoints. It is unclear if a positive-security model on Vimeo's systems would have prevented the data exposure, as the breach occurred through a supply chain compromise.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other supply chain breaches on file

This page is the permanent ColdRecon entry for the Vimeo disclosure. It updates if new public reporting emerges. All tracked breaches →

Vimeo just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →