Vimeo Data Breach Linked to Anodot Hack by ShinyHunters Gang

Severity: Medium (Score: 54.8)

Sources: Bleepingcomputer, Vimeo, Uk.Pcmag

Summary

Vimeo has reported a data breach linked to the hacking group ShinyHunters, which exploited a vulnerability in Anodot, a third-party analytics vendor. The breach resulted in the unauthorized access of certain user data, including email addresses, although no login credentials or payment information were compromised. Vimeo has approximately 287 million users, but the exact number affected by this breach is still unclear. ShinyHunters is demanding a ransom to prevent the release of the stolen data, threatening to leak it if their demands are not met by Thursday. The incident highlights the ongoing threat posed by ShinyHunters, known for targeting cloud-based software providers. Vimeo has since removed its integration with Anodot and engaged third-party security experts to investigate the incident. Law enforcement has also been notified of the breach. The breach follows a recent incident where ShinyHunters stole 11GB of data from ADT, affecting 5.5 million users. Key Points: • ShinyHunters exploited Anodot to access Vimeo user data, including email addresses. • No login credentials or payment information were compromised in the breach. • Vimeo has removed Anodot integration and engaged security experts for investigation.

Key Entities

• Data Breach (attack_type)
• ADT (company)
• Anodot (company)
• Rockstar Games (company)
• Snowflake (company)
• Vimeo (platform)
• BigQuery (platform)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1078 - Valid Accounts (mitre_attack)