Chess.com data breach exposes data of 4,541 users throug third-party compromise

Chess.com LLC, one of the world's largest online chess platforms, is reporting a data breach that exposed the personal information of 4,541 users following unauthorized access to a third-party file transfer application. 

The incident occurred between June 5 and June 18, 2025, but was not discovered until June 19, 2025, when the company identified suspicious activity within its external file transfer infrastructure. Exposed data includes:

• Names of affected users
• Other unspecified personal data elements

The company claims that no financial information, banking details, member account credentials, usernames, or passwords were exposed during the incident and that its core systems, member accounts were not compromised during the attack.

Chess.com has not disclosed the compromised file transfer tool. The company is providing complimentary identity protection services including twelve months of credit monitoring, monitoring for dark web exposure, identity theft recovery assistance, and a $1 million insurance reimbursement policy.