Update: May 15. Our investigation into this incident is now complete. Users and customers whose data was potentially impacted have been contacted as appropriate.
Vimeo is aware of a security incident affecting Anodot, a third-party analytics vendor used by Vimeo and many other companies. The Google Threat Intelligence report associated with the unauthorized actor claiming responsibility for the Anodot incident can be found at this link.
We have identified that, as a result of the Anodot breach, an unauthorized actor accessed certain Vimeo user and customer data. Our initial findings suggest that the databases accessed primarily contain technical data, video titles and metadata, and, in some cases, customer email addresses.
The data accessed does not include Vimeo video content, valid user login credentials, or payment card information.
Vimeo user and customer login credentials are secure. This incident did not cause any disruption to our systems or service.
Upon learning of the incident, we promptly disabled all Anodot credentials, removed the Anodot integration with Vimeo systems, and engaged third-party security experts to assist with the investigation. We have also notified law enforcement.
Vimeo Security
