Ethical Hacking News
Chess.com has disclosed a recent data breach affecting its user base due to unauthorized access to a third-party file transfer application. The platform has taken steps to secure its systems, offered free identity theft and credit monitoring services to impacted users, and emphasized that the incident only affected the unnamed third-party app.
Chess.com suffered a data breach in June 2025 due to unauthorized access to a third-party file transfer application.Potentially exposed personally identifiable information (PII) including names, usernames, and geographic locations.No financial information was exposed, but some data may have been accessed.Chess.com has offered impacted users 1-2 years of free identity theft and credit monitoring services.This is the second cyber incident faced by Chess.com in recent times (following an API flaw breach in November 2023).
Chess.com, a leading online chess portal and social networking website for enthusiasts of the game, has disclosed a recent data breach affecting its massive user base. The incident, which occurred in June 2025, involved unauthorized access to a third-party file transfer application used by Chess.com, resulting in potential exposure of personally identifiable information (PII).
According to the notice sent to impacted users, Chess.com became aware of potential unauthorized access on June 19, 2025, and promptly launched an investigation to determine the scope and impact of the breach. The platform has emphasized that the incident only affected the unnamed third-party app, while its own infrastructure and member accounts remained unaffected.
During the investigation, it was determined that the data that may have been accessed includes names, usernames, and other PII, which have not been included in the sample notices shared with law enforcement authorities. Chess.com has also stated that no financial information has been exposed, and there is currently no evidence that the stolen data has been publicly disclosed or misused yet.
In response to the incident, Chess.com has taken additional measures to secure its systems, notified federal law enforcement accordingly, and offered impacted members 1-2 years of free identity theft and credit monitoring services. Impacted users are recommended to enroll in these services as soon as possible, with a deadline for enrollment set at December 3, 2025.
This data breach marks the second cyber incident faced by Chess.com in recent times. In November 2023, over 800,000 user records were scraped from its website using an API flaw and later posted on a hacking forum. The exposed information included email addresses, full names, usernames, and geographic locations.
The recent incident serves as a reminder of the importance of robust cybersecurity measures to protect sensitive user data. It also highlights the need for businesses to regularly review and update their third-party vendors and applications to prevent similar breaches in the future.
Chess.com's actions in response to this incident demonstrate its commitment to protecting user data and maintaining the trust of its massive user base. As the online chess portal continues to grow and evolve, it is essential that users remain vigilant and take proactive steps to safeguard their personal information.
In light of this recent incident, it is crucial for businesses and individuals alike to prioritize cybersecurity awareness and stay informed about emerging threats and best practices in data protection.
Related Information:
https://www.ethicalhackingnews.com/articles/Data-Breach-Disclosure-Chesscom-Addresses-Unauthorized-Access-to-Third-Party-File-Transfer-Application-ehn.shtml
https://www.bleepingcomputer.com/news/security/chesscom-discloses-recent-data-breach-via-file-transfer-app/
Published: Thu Sep 4 13:10:30 2025 by llama3.2 3B Q4_K_M
