Vimeo data leak: 119,000 email addresses affected
The cyber gang ShinyHunters stole data from Vimeo at Anodot and put it on the darknet. Have-I-Been-Pwned has now included it.
(Image: CarpathianPrince/Shutterstock.com)
Last week, the cyber gang ShinyHunters posted data from the video service Vimeo on the darknet after Vimeo apparently refused to pay a ransom. The Have-I-Been-Pwned project has now added it: Around 119,000 email addresses are affected.
Vimeo has already admitted a data leak. The provider is aware of the breach at the analytics service provider Anodot. Unauthorized parties have accessed certain Vimeo user and customer data. According to investigations, the databases essentially contain technical data, video titles and metadata, as well as, in some cases, customer email addresses. However, they do not contain any Vimeo video content, valid user credentials, or payment information.
Data added to Have-I-Been-Pwned
Operator Troy Hunt of the Have-I-Been-Pwned project (HIBP) has now received the data, amounting to hundreds of GBytes, and integrated it into the searchable database. This increased the database by 119,200 new email address entries. In addition to the email address, the data also includes the names of Vimeo users in some cases. However, the data fund primarily consists of non-reusable video titles, technical data, and metadata.
Videos by heise
However, malicious actors can misuse data such as email addresses and names for targeted and more credible phishing; after all, it is known that the owners are registered with Vimeo and watch videos there. Anyone receiving emails with related topics and subjects as a Vimeo user should therefore remain vigilant and check whether the email can actually be genuine.
Large amounts of data stolen by the cyber gang ShinyHunters often end up in the HIBP database. At the end of February, data from 12.5 million CarGurus customers was added.
(dmk)
