ShinyHunters Spotlights Rising Supplier Cyber Risk

More than 119,000 Vimeo user email addresses were exposed after the ShinyHunters cybercrime group dumped data it says came from a breach tied to third‑party analytics vendor Anodot. Have I Been Pwned counted 119,000 unique emails, some paired with names; Vimeo confirmed data was taken but said no video content, valid login credentials, or payment card data were included. ShinyHunters claims deeper access to Snowflake and BigQuery instances via Anodot and said negotiations to avoid the dump failed. Vimeo says it disabled Anodot credentials, removed the integration, and engaged external security and law enforcement while investigating. The incident highlights supply‑chain risk from vendor compromises and the phishing/credential misuse threat from leaked email lists.

Two major tech suppliers — utility-technology firm Itron and medical-device giant Medtronic — disclosed unauthorized intrusions in Friday SEC filings. Itron said it detected a breach on April 13, engaged law enforcement and external cybersecurity advisors, and removed the activity; it reported no customer-hosted system impact and expects insurance to cover much of the direct costs. Medtronic acknowledged an unauthorized party accessed corporate IT systems after extortion group ShinyHunters claimed to have stolen over 9 million records and set a ransom deadline; Medtronic said its product, manufacturing and patient-facing systems were unaffected and is investigating potential personal data exposure. The incidents underscore persistent cyber risk to critical-technology suppliers and the operational separation of corporate and product networks.