Chess.com confirms a restricted information breach affecting 4,500 customers after a third-party file switch instrument was compromised. No passwords or funds uncovered.
Chess.com has confirmed {that a} latest incident uncovered data belonging to simply over 4,500 customers after attackers gained unauthorised entry via a third-party file switch software earlier this summer time.
Despite the fact that the breach solely impacted a small portion of Chess.com’s 150 million customers, it’s nonetheless regarding for the reason that web site has suffered a number of information breaches lately.
The corporate defined that the breach passed off in two separate assaults on June 5 and June 18 2025. Investigators decided that attackers focused a file switch instrument, not Chess.com’s personal programs, which helped restrict the size of publicity.
In response to Chess.com, no account credentials, passwords, or cost information had been affected. As an alternative, the compromised recordsdata contained names and different identifiers. The platform says its most important programs stay safe, and that the breach didn’t have an effect on the power of members to log in or play.
Notifications in regards to the breach started going out to impacted customers on September 3. Alongside these notices, Chess.com mentioned it has concerned federal regulation enforcement, employed exterior cybersecurity specialists to research, and is providing free identification safety providers to assist customers control potential misuse of their data.
Earlier Cybersecurity Points with Chess.com
For long-time gamers, this isn’t the primary time they’ve heard of their platform going through cybersecurity troubles. In 2021, researchers recognized a flaw that might have uncovered the information of fifty million Chess.com customers, but it surely was responsibly reported to the corporate and by no means abused by attackers.
On November 10, 2023, hackers posted 800,000 scraped Chess.com consumer data on a hacking discussion board. Simply two days later, one other 476,000 data appeared on the identical web site. Chess.com later defined to Hackread.com that the leaks had been the results of API abuse relatively than a direct system breach.
However, the distinction with the 2025 breach is that it originated from a third-party vendor, not from automated scraping or credential leaks. Plus, it solely features a few hundred customers’ information. But, gamers ought to stay alert, use robust, distinctive passwords, and look ahead to suspicious exercise linked to their accounts.
