---
title: "Chess.com Data Breach Exposes Thousands After External Hack"
date: 2025-09-05
author: "Sofia Ramirez"
featured_image: "https://sqmagazine.co.uk/wp-content/uploads/2025/09/chess-com-data-breach.jpg"
categories:
  - name: "Cybersecurity"
    url: "/cybersecurity.md"
tags:
  - name: "News"
    url: "/tag/news.md"
---

# Chess.com Data Breach Exposes Thousands After External Hack

Chess.com has confirmed a data breach that exposed personal details of over 4,500 users after hackers exploited a third party system connected to its network.

## Quick Summary – TLDR:

- **4,541 users affected** after hackers accessed data via a **third party file transfer tool**
- Breach occurred on **June 5, 2025**, discovered on **June 19**
- **No financial or account credentials exposed**, but **personal identifiers were stolen**
- **Free identity protection** offered for **12 months**

## What Happened?

**Online chess platform Chess.com** suffered a **[data breach](https://sqmagazine.co.uk/data-breach-statistics/)** when hackers gained access to an **external system** connected to their network. The breach occurred on **June 5, 2025**, but it was not discovered until **June 19**. A total of **4,541 users** had their **personal data exposed** as a result.

## Details Behind the Breach

The attack was linked to a **third party file transfer application**. Hackers accessed the system on **two occasions**, once on **June 5** and again on **June 18**, before being detected.

While **Chess.com’s core systems, source code, and user accounts were not compromised**, the breach affected **less than 0.003%** of its user base. The exposed data included **names and other personal identifiers**, though Chess.com has not specified the exact types of data accessed.

> Just learned about personal data of almost a million [@chesscom](https://twitter.com/chesscom?ref_src=twsrc%5Etfw) users being exposed on web  
> Could you please confirm or refute this information [@chesscom](https://twitter.com/chesscom?ref_src=twsrc%5Etfw)? Because in accordance with laws,if true,you should inform every user whose data was hacked Very important, please, let us know [pic.twitter.com/dhAzXMFflZ](https://t.co/dhAzXMFflZ)
> 
> — Vladimir Kramnik (@VBkramnik) [September 3, 2025](https://twitter.com/VBkramnik/status/1963125604762444213?ref_src=twsrc%5Etfw)

 The disclosure came via an [official filing with the **Maine Attorney General’s Office**](https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/c605e260-6f98-4a2d-b21d-7ab9d7d16127.html). Impacted individuals began receiving **written notifications** starting **September 3, 2025**.

## Response and Security Measures

Upon discovery, Chess.com launched an **internal investigation**, working alongside **external cybersecurity experts**. The threat has since been **contained**, and the company says it has taken steps to **reinforce its digital defenses**.

Although Chess.com has not shared specifics on what upgrades were made, incidents like this typically lead to stronger **vendor oversight** and **security monitoring**.

Chess.com also reported the incident to **federal law enforcement**, though further details about the investigation remain undisclosed.

Affected users are being offered:

- **12 months of free identity protection** via **IDX**
- Services such as **credit monitoring**, **cyber scanning**, and **identity theft recovery**
- An **enrollment deadline** of **December 3, 2025**

## Chess.com’s Stance

**Elias Colabelli**, Head of the Legal Department and Data Protection Officer at Chess.com, submitted the breach notification and reaffirmed the company’s commitment to **data security** and **regulatory transparency**.

With over **150 million registered users**, **Chess.com is a major global platform** in the [gaming](https://sqmagazine.co.uk/online-gaming-statistics/) and esports world, making it a **prime target for cyberattacks**. This breach shows how even well-established platforms can be vulnerable when **external partners** are compromised.

## SQ Magazine’s Takeaway

Honestly, it’s unsettling to see a **trusted platform like Chess.com** hit by a breach, especially one coming through a **third party tool**. It shows that [cybersecurity](https://sqmagazine.co.uk/cybersecurity-statistics/) is not just about locking down your own systems but also making sure your partners are just as secure. If you’re one of the affected users, don’t brush this off. **Take the free protection, stay alert, and watch for suspicious activity.** This should also be a wake up call for every company working with outside vendors. **One weak link is all it takes.**