Vimeo, the popular video-hosting platform used by creators, businesses, and schools, has confirmed a data breach affecting approximately 119,000 user accounts. The exposed data includes names, email addresses, and hashed passwords. Hashed passwords are scrambled versions that attackers must crack before they can use them — but with modern tools, weak or common passwords can be cracked quickly.
Vimeo says it has notified affected users directly by email. Even if you have not received a message, it is worth securing your account now. Attackers who obtain your email and password from one breach often try the same combination on other sites — a technique called credential stuffing.
How to check if you’re affected
Affected devices include any phone, tablet, or computer where you have a Vimeo account, particularly those running app versions older than the latest release or using passwords shared with other websites.
- Check your email: Look for a message from Vimeo explaining whether your account was included. Check your spam folder too.
- Change your password: Log in at vimeo.com, go to Account Settings → Password, and choose a new password you do not use anywhere else. Use at least 12 characters.
- Enable two-factor authentication: In Account Settings → Security, turn on two-step verification. This means attackers cannot log in even if they have your password.
- Check other accounts: If you used the same password on other sites, change it there too — especially for email, banking, and social media accounts.