Chess.com has confirmed a data breach caused by a compromised third-party file transfer application, exposing the personal details of a small portion of its users.
The company said attackers gained access between June 5 and June 18, 2025, with the breach discovered on June 19. An investigation was launched immediately, and federal law enforcement agencies were notified. Cybersecurity experts were also brought in to contain the incident.
According to Chess.com, only about 4,500 users—roughly 0.003% of its 100 million members—were affected. The exposed data may include names and personal identifiers, but the company stressed that no passwords, financial details, or user accounts were compromised. So far, there is no evidence that the stolen information has been misused.
Starting September 3, Chess.com began notifying impacted users. The company is also offering 12 months of free identity theft protection and credit monitoring services through IDX, with enrollment open until December 3, 2025.
This is the second security incident in recent years for the popular online chess platform. In 2023, more than 800,000 accounts were exposed in a separate breach linked to data scraping.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
