Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform.
The incident occurred in June 2025, with the threat actors maintaining access to the said application for two weeks, between June 5 and June 18.
Chess.com discovered the breach on June 19, 2025, and launched an investigation to determine its scope and impact.
"On June 19, 2025, Chess.com became aware of potential unauthorized access to data stored in a third-party file transfer application used by Chess.com," reads the notice sent to impacted users.
"Upon becoming aware of the incident, we started an investigation, retained leading experts, notified federal law enforcement, and began taking measures to address the incident."
According to the investigation, the incident affects only a very small percentage of the platform's massive 100 million user base, estimated to be just over 4,500 users.
Chess.com is one of the world's largest online chess portals, operating as a match hosting platform and also a social networking website for lovers of the game.
The platform has emphasized that the incident only affected the unnamed third-party app, while its own infrastructure and member accounts remained unaffected.
Still, the data that may have been accessed includes names and other personally identifiable information (PII) that has not been included in the sample notices Chess.com shared with the authorities.
Chess.com noted that no financial information has been exposed, and it has no evidence that the stolen data has been publicly disclosed or misused yet.
... continue reading