"The incident first surfaced in April when the ShinyHunters crew added Vimeo to its growing 'pay or leak' hit list, claiming it had pulled hundreds of gigabytes of data and threatening to dump the lot unless a deal was struck."
"According to Vimeo, the stolen databases were heavy on technical data, video titles, metadata, and some customer email addresses. The company has been keen to stress what was not included: no actual video content, no valid login credentials, and no payment card information."
"Email lists like this get reused, resold, and recycled into phishing runs for years, especially when they come with enough context to make a message look convincing."
"Vimeo says it has cut off the problem at the source, disabling Anodot credentials, ripping out the integration, and bringing in outside security help while notifying law enforcement."
A breach involving Vimeo has resulted in the extraction of over 119,000 unique email addresses, attributed to a third-party analytics vendor, Anodot. The incident was first reported in April by the ShinyHunters group, which threatened to leak data unless a deal was made. Vimeo confirmed the breach but did not disclose the total number of affected users. The stolen data included technical information and customer email addresses, but no video content or payment information. The attackers claimed deeper access, while Vimeo has since severed ties with Anodot and engaged external security assistance.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]