Chess.com has revealed a data breech, when the danger actors have achieved unauthorized access to the third-party file transfer application used by the platform.
The incident took place in June 2025, in which the danger actors maintained access to the said application for two weeks between June 5 and June 18.
Chess.com discovered violations on June 19, 2025, and began an investigation to determine its scope and impact.
“On June 19, 2025, the potentially unauthorized access to data stored in the third-party file transfer application used by Chess.com Chess.com, revealed,” written to the affected users.
“When being aware of the incident, we started an investigation, retained prominent experts, informed the federal law enforcement, and took measures to address the incident.”
According to the investigation, the incident affects only a very small percentage of 100 million user base of the platform, estimated by more than 4,500 users.
Chesses.com is one of the world’s largest online chess portals working as a match hosting platform and is also a social networking website for sports lovers.
The forum has emphasized that this incident affected only the unknown third party app, while its own infrastructure and member accounts remained unaffected.
Nevertheless, the data that can be accessed includes names and other individually identified information (PII), which is not included in the sample notice chess.com. Authority,
Chess.com said no financial information has been revealed, and there is no evidence that the stolen data has been publicly disclosed or misused.
The platform states that he has taken additional measures to secure his system and has notified law enforcement accordingly. It also provides 1-2-year free identity theft and credit monitoring services to the affected members.
The letter recipients are given to the recipients to enroll in the proposed services by 3 December, 2025, but it is recommended to do so as soon as possible.
In November 2023, Chess.com suffered another cyber phenomenon, where more than 800,000 user records were scored from their website by exploiting API defects and later posted on a hacking forum.
Information revealed in that case included, According to HasibeenpwnedEmail address, full name, user name and geographical location.
Bleepingcomputer has approached Chesses.com what type of data has been exposed and the third party name is also to ask, but we are still waiting for the response.
The passwords broke in 46% of the atmosphere, almost doubled by 25% last year.
Picus Blue Report 2025 Now get a wider look at more conclusions on prevention, detection and data exfIs.
