Vimeo Confirms Data Breach From ShinyHunters

Vimeo Confirms Data Breach From ShinyHunters

Vimeo has confirmed that customer and user data was exposed following a breach at third-party vendor Anodot. The extortion group “ShinyHunters” claimed responsibility, stealing data from Vimeo’s Snowflake and BigQuery instances via compromised authentication tokens. Exposed information includes email addresses, video titles, and technical metadata, though Vimeo clarified that uploaded video content, passwords, and payment details remain secure. The company has since disabled Anodot’s credentials and is working with law enforcement to investigate the incident.

Source: Bleeping Computer

ADT Confirms Data Breach From ShinyHunters

Home security giant ADT has confirmed a data breach after ShinyHunters extortion group threatened to leak stolen information. Detected on April 20, 2026, the breach involves a “limited set” of customer and prospective customer data, including names, phone numbers, and addresses. ShinyHunters claims to have stolen 10 million records and is demanding a ransom by April 27. ADT emphasized that payment details and home security systems remain unaffected and has begun notifying impacted individuals.

Source: Bleeping Computer

Itron Disclosed Data Breach of Internal IT Network

Itron has disclosed a cybersecurity breach of its internal IT network that occurred on April 13, 2026. In an SEC filing, the Washington-based company confirmed that an unauthorized third party gained access to certain corporate systems. Itron stated that its customer-hosted platforms and critical grid-management services remain unaffected. While investigations continue, the firm has remediated the activity and expects insurance to cover a significant portion of the response and recovery costs.

Source: Bleeping Computer

Rituals Data Breach Impacts Membership Data

Luxury cosmetics giant Rituals has disclosed a data breach after attackers gained unauthorized access to its “My Rituals” membership database earlier this month. The company confirmed that hackers downloaded personal details of an undisclosed number of members, including full names, email addresses, phone numbers, birth dates, and home addresses. Rituals emphasized that no passwords or payment information were compromised. While the breach has been contained, the firm warns users to remain vigilant against targeted phishing scams.

Source: Security Affairs

Mastodon Targeted by a Major DDoS Attack

Following a sophisticated attack on Bluesky, the decentralized social platform Mastodon was targeted by a major DDoS attack on April 20, 2026. The assault caused a “major outage” on Mastodon.social, the platform’s flagship server, lasting several hours before mitigation efforts restored access. While a pro-Iran hacktivist group called “313 Team” claimed responsibility for the Bluesky incident, no group has yet taken credit for the Mastodon disruption.

Source: Security Week

Click here to subscribe our Newsletter