Chess.com has confirmed a data breach that exposed personal details of over 4,500 users after hackers exploited a third party system connected to its network.
Quick Summary – TLDR:
- 4,541 users affected after hackers accessed data via a third party file transfer tool
- Breach occurred on June 5, 2025, discovered on June 19
- No financial or account credentials exposed, but personal identifiers were stolen
- Free identity protection offered for 12 months
What Happened?
Online chess platform Chess.com suffered a data breach when hackers gained access to an external system connected to their network. The breach occurred on June 5, 2025, but it was not discovered until June 19. A total of 4,541 users had their personal data exposed as a result.
Details Behind the Breach
The attack was linked to a third party file transfer application. Hackers accessed the system on two occasions, once on June 5 and again on June 18, before being detected.
While Chess.com’s core systems, source code, and user accounts were not compromised, the breach affected less than 0.003% of its user base. The exposed data included names and other personal identifiers, though Chess.com has not specified the exact types of data accessed.
Just learned about personal data of almost a million @chesscom users being exposed on web
— Vladimir Kramnik (@VBkramnik) September 3, 2025
Could you please confirm or refute this information @chesscom? Because in accordance with laws,if true,you should inform every user whose data was hacked Very important, please, let us know pic.twitter.com/dhAzXMFflZ
The disclosure came via an official filing with the Maine Attorney General’s Office. Impacted individuals began receiving written notifications starting September 3, 2025.
Response and Security Measures
Upon discovery, Chess.com launched an internal investigation, working alongside external cybersecurity experts. The threat has since been contained, and the company says it has taken steps to reinforce its digital defenses.
Although Chess.com has not shared specifics on what upgrades were made, incidents like this typically lead to stronger vendor oversight and security monitoring.
Chess.com also reported the incident to federal law enforcement, though further details about the investigation remain undisclosed.
Affected users are being offered:
- 12 months of free identity protection via IDX
- Services such as credit monitoring, cyber scanning, and identity theft recovery
- An enrollment deadline of December 3, 2025
Chess.com’s Stance
Elias Colabelli, Head of the Legal Department and Data Protection Officer at Chess.com, submitted the breach notification and reaffirmed the company’s commitment to data security and regulatory transparency.
With over 150 million registered users, Chess.com is a major global platform in the gaming and esports world, making it a prime target for cyberattacks. This breach shows how even well-established platforms can be vulnerable when external partners are compromised.
SQ Magazine Takeaway
Honestly, it’s unsettling to see a trusted platform like Chess.com hit by a breach, especially one coming through a third party tool. It shows that cybersecurity is not just about locking down your own systems but also making sure your partners are just as secure. If you’re one of the affected users, don’t brush this off. Take the free protection, stay alert, and watch for suspicious activity. This should also be a wake up call for every company working with outside vendors. One weak link is all it takes.
