Scraped Chess.com user records leaked on hacker forum

On November 8th, 2023, an individual operating under the alias 'DrOne' disclosed scraped data from Chess.com on Breach Forums, including personal information from over 800,000 registered users.

Chess.com, a widely popular platform for chess enthusiasts and social networking, boasts more than 150 million registered users in 2023, making the leaked records a fraction of approximately 0.5% of the total user base.

The exposed data, comprises of

• full names,
• usernames,
• profile links,
• email addresses,
• users' originating countries,
• avatar URLs (containing profile pictures),
• Universally Unique Identifier (UUID),
• User IDs,
• registration dates (with the most recent sign-up in September 2023).

It's not clear how the Chess.com permitted such scraping, and why would a profile view request contain UUID and email address unless specifically permitted.

Although the leaked data does not include passwords, the existence of valid and active email addresses associated with existing Chess.com accounts raises concerns regarding potential identity theft, phishing scams, social engineering attacks, or the cross-referencing of previously leaked login credentials to obtain passwords.

Users are strongly advised to change their passwords not only on Chess.com but also on any other online accounts where the same password is used.