Chess.com Reports Data Breach via Third-Party File Transfer Tool

Online chess platform Chess.com said it suffered a significant data security breach after threat actors gained unauthorised access to a third-party file transfer application the platform uses for data management.

 

World’s largest online chess platform, Chess.com a social networking site where users can play live and daily chess games with opponents globally, solve puzzles, and improve their skills with lessons and computer analysis.

 

In a data security incident notice submitted to the Office of the Maine Attorney General, Chess.com said that on June 19, it became aware of unauthorised access to data stored in a third-party file transfer application used by the platform. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The investigation has determined on June 5 and 18, 2025 an unauthorised actor gained access to the third-party file transfer application and acquired certain Chess.com data for fewer than .003% of users. Chess.com’s code and its member accounts were not compromised,” the online gaming platform said.

 

The compromised data included names and other personal identifiers, however, no financial data was affected as a result of this incident. The filing with the Maine state regulator’s office also states that Chess.com has identified 4,541 individuals affected by the incident.

 

“Upon learning of the incident, we took prompt steps to investigate the nature and scope of the incident and notified law enforcement. We also took measures to further secure our systems. The incident has been contained,” the company added.

 

Chess.com has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Chess.com. The company also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.