A Vimeo leak tied to the company’s April 2026 Anodot third-party security incident has been indexed on leaksear.ch with 74,147 records and roughly 119,000 user email addresses (leaksear.ch metadata). The indexed data includes emails, names, account and customer identifiers, Vimeo plan and business metadata, CRM fields, and request IPs from Google Cloud Storage access logs (leaksear.ch metadata).
What happened
Vimeo published a security notice on April 27, 2026, saying it was aware of an incident affecting Anodot, a third-party analytics vendor used by Vimeo and other companies. Vimeo said an unauthorized actor accessed certain Vimeo user and customer data as a result of the Anodot breach, and said the accessed databases primarily contained technical data, video titles, metadata, and in some cases customer email addresses (vimeo.com).
The company said the accessed data did not include Vimeo video content, valid user login credentials, or payment card information. Vimeo also said it disabled Anodot credentials, removed the Anodot integration from Vimeo systems, engaged outside security experts, notified law enforcement, and later updated the notice on May 15, 2026, to say its investigation was complete and potentially impacted users and customers had been contacted as appropriate (vimeo.com).
Public breach reporting linked the incident to ShinyHunters, which had listed Vimeo in a pay-or-leak campaign and claimed data from Snowflake and BigQuery instances. Have I Been Pwned listed the Vimeo breach as affecting 119.2 thousand accounts, with email addresses and sometimes names exposed, while BleepingComputer reported that a 106 GB archive was later posted after the extortion attempt failed (haveibeenpwned.com, bleepingcomputer.com, theregister.com).
What data was exposed
Leaksear.ch metadata describes the indexed material as a BigQuery export of Google Cloud Storage access logs and a Snowflake export of internal analytics tables covering registrants, lead funnel data, JotForm contracts, DFA registrations, and Salesforce opportunities (leaksear.ch metadata).
The searchable fields in the indexed leak are email addresses, names, and IP addresses (leaksear.ch metadata). Other stored fields include account IDs, Vimeo user IDs, company and business fields, company size, plan and plan type, project type, deal type, Salesforce opportunity name and stage, source table, video or object request metadata, URI and referrer fields, user agent information, status codes, occurrence counts, and first-seen timestamps (leaksear.ch metadata).
Have I Been Pwned separately lists email addresses and names as the compromised data classes for the public Vimeo breach entry, and Vimeo’s own notice states that the data did not include video content, valid login credentials, or payment card information (haveibeenpwned.com, vimeo.com).
Why this matters
The main risk is targeted phishing and social engineering, because names, emails, company context, plan information, CRM fields, and log metadata can give attackers credible details for lures themed around Vimeo, a vendor, or account support. The risk is different from a password dump, since Vimeo and Have I Been Pwned both indicate that valid login credentials were not part of the exposed data (vimeo.com, haveibeenpwned.com). Security teams should watch for suspicious messages referencing Vimeo accounts, customer plans, projects, contracts, or vendor analytics workflows, and affected individuals should be cautious with unsolicited login or payment prompts. Readers who want to confirm whether they are affected should check this leak using their email address, name, or IP address.
Check your exposure
Vetted researchers and incident-response teams can request access to check this dataset, or sign in if they already have access. Searchable pivots for this leak include email, IP address, and name.