Vimeo is aware of a security incident affecting Anodot, a third-party analytics vendor used by Vimeo and many other companies. The Google Threat Intelligence report associated with the unauthorized actor claiming responsibility for the Anodot incident can be found at this link.
We have identified that, as a result of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data. Our initial findings suggest that the databases accessed primarily contain technical data, video titles and metadata, and, in some cases, customer email addresses.
The data accessed does not include Vimeo video content, valid user login credentials, or payment card information.
Vimeo user and customer login credentials are secure. This incident did not cause any disruption to our systems or service.
Upon learning of the incident, we promptly disabled all Anodot credentials, removed the Anodot integration with Vimeo systems, and engaged third-party security experts to assist with the investigation. We have also notified law enforcement.
These are the key steps we’ve taken so far. Our investigation is ongoing, and we’ll continue to take appropriate measures as we learn more. This blog post will be updated as more information becomes available, where relevant.
Vimeo Security
